nafcore.h File Reference
NAF Core Library. More...
#include <naf/autoinc.h>
Go to the source code of this file.
Data Structures | |
| struct | _NAFlowKey |
| An aggregated flow key. More... | |
| struct | _NAFlowVUC |
| Flow Value Unique Counters. More... | |
| struct | _NAFlowVal |
| An aggregated flow value. More... | |
| struct | _NAFlow |
| A full aggregated flow; the unification of a flow key and value. More... | |
| struct | _NAFlowRaw |
| A raw flow record. More... | |
| struct | _NAFlowMask |
| A flow mask. More... | |
Defines | |
| #define | NAF_FM_SRCID 0x00000001 |
| Fieldmask bit for source identifier. | |
| #define | NAF_FM_SIP 0x00000002 |
| Fieldmask bit for source IP address. | |
| #define | NAF_FM_SIPMASK 0x00000004 |
| Fieldmask bit for source IP address CIDR mask length. | |
| #define | NAF_FM_DIP 0x00000008 |
| Fieldmask bit for destination IP address. | |
| #define | NAF_FM_DIPMASK 0x00000010 |
| Fieldmask bit for destination IP address CIDR mask length. | |
| #define | NAF_FM_PROTO 0x00000020 |
| Fieldmask bit for IP protocol. | |
| #define | NAF_FM_SP 0x00000040 |
| Fieldmask bit for source transport port. | |
| #define | NAF_FM_DP 0x00000080 |
| Fieldmask bit for destination transport port and ICMP type/code. | |
| #define | NAF_FM_OCT 0x00000100 |
| Fieldmask bit for forward octet count. | |
| #define | NAF_FM_ROCT 0x00000200 |
| Fieldmask bit for reverse octet count. | |
| #define | NAF_FM_PKT 0x00000400 |
| Fieldmask bit for forward packet count. | |
| #define | NAF_FM_RPKT 0x00000800 |
| Fieldmask bit for reverse packet count. | |
| #define | NAF_FM_FLO 0x00001000 |
| Fieldmask bit for forward flow count. | |
| #define | NAF_FM_RFLO 0x00002000 |
| Fieldmask bit for reverse flow count. | |
| #define | NAF_FM_SHOSTC 0x00004000 |
| Fieldmask bit for source host count. | |
| #define | NAF_FM_DHOSTC 0x00008000 |
| Fieldmask bit for destination host count. | |
| #define | NAF_FM_SPORTC 0x00010000 |
| Fieldmask bit for source port count. | |
| #define | NAF_FM_DPORTC 0x00020000 |
| Fieldmask bit for destination port count. | |
| #define | NAF_FM_REVSORT 0x10000000 |
| Internal fieldmask pseudofield bit for reverse (descending) sort. | |
| #define | NAF_FM_MTOTAL 0x20000000 |
| Internal fieldmask pseudofield bit for totaling counts. | |
| #define | NAF_FM_VPAD 0x40000000 |
| Internal fieldmask pseudofield bit for in-memory padding. | |
| #define | NAF_FM_VSTIME 0x80000000 |
| Internal fieldmask pseudofield bit for bin. | |
| #define | NAF_FM_MASKF 0x0003FFFF |
| Mask for real field bits. | |
| #define | NAF_FM_MASKINT 0xF0000000 |
| Mask for pseudofield bits. | |
| #define | NAF_BA_NONE 0x00000000 |
| Binning algorithm number for no binning algorithm selected. | |
| #define | NAF_BA_UNIFORM 0x00000001 |
| Binning algorithm number for uniform binning. | |
| #define | NAF_BA_START 0x00000002 |
| Binning algorithm number for start-time binning. | |
| #define | NAF_BA_END 0x00000003 |
| Binning algorithm number for end-time binning. | |
| #define | NAF_IP_ICMP 1 |
| Convenience macro for ICMP IP protocol number. | |
| #define | NAF_IP_TCP 6 |
| Convenience macro for TCP IP protocol number. | |
| #define | NAF_IP_UDP 17 |
| Convenience macro for UDP IP protocol number. | |
| #define | NAF_ERROR_DOMAIN (g_quark_from_string("certNAFError")) |
| GError domain for NAF errors. | |
| #define | NAF_ERROR_HEADER 1 |
| A NAF file header was malformed. | |
| #define | NAF_ERROR_ARGUMENT 2 |
| Illegal argument error. | |
| #define | NAF_ERROR_IO 3 |
| General I/O error. | |
| #define | NAF_ERROR_HORIZON 4 |
| Horizon violation. | |
| #define | NAF_ERROR_MULTIPLE 5 |
| Multiple errors were encountered and logged. | |
| #define | NAF_ERROR_EOF 6 |
| End of file on read from driver layer. | |
Typedefs | |
| typedef uint32_t | NAFTimeSec |
| A time in epoch seconds, or a bin number. | |
| typedef _NAFlowKey | NAFlowKey |
| An aggregated flow key. | |
| typedef _NAFlowVUC | NAFlowVUC |
| Flow Value Unique Counters. | |
| typedef _NAFlowVal | NAFlowVal |
| An aggregated flow value. | |
| typedef _NAFlow | NAFlow |
| A full aggregated flow; the unification of a flow key and value. | |
| typedef _NAFlowRaw | NAFlowRaw |
| A raw flow record. | |
| typedef _NAFlowMask | NAFlowMask |
| A flow mask. | |
Functions | |
| fbInfoModel_t * | nfInfoModel () |
| Get the NAF application global IPFIX information model, initializing it if necessary. | |
| fBuf_t * | nfReaderForFP (fBuf_t *fbuf, FILE *fp, NAFlowMask *mask, GError **err) |
| Begin reading a NAF file. | |
| gboolean | nfRead (fBuf_t *fbuf, NAFlowMask *mask, NAFlowKey *key, NAFlowVal *val, GError **err) |
| Read a single NAF record from a NAF file. | |
| fBuf_t * | nfWriterForFP (fBuf_t *fbuf, FILE *fp, uint32_t domain, NAFlowMask *mask, GError **err) |
| Begin writing NAF data to an open file. | |
| gboolean | nfWrite (fBuf_t *fbuf, NAFlowMask *mask, NAFlowKey *key, NAFlowVal *val, GError **err) |
| Write a single NAF record to an IPFIX message buffer returned by nfWriterForFP(). | |
| gboolean | nfWriterClose (fBuf_t *fbuf, GError **err) |
| Finish writing a NAF file. | |
| void | nfDumpFlow (NAFlowKey *key, NAFlowVal *val, const char *inf) |
| Internal debugging routine to dump a flow to standard error. | |
Detailed Description
NAF Core Library.Defines API for reading and writing NAF files, and the aggregated flow data structures.
Define Documentation
| #define NAF_ERROR_DOMAIN (g_quark_from_string("certNAFError")) |
GError domain for NAF errors.
All NAF tool errors belong to this domain, not just those returned by the NAF Core Library. In addition, NAF core library routines can return libfixbuf errors if reading or writing fails.
| #define NAF_ERROR_EOF 6 |
End of file on read from driver layer.
Driver-mediated raw flow input must set this error on read EOF.
| #define NAF_ERROR_HEADER 1 |
A NAF file header was malformed.
The file is probably not a NAF file.
| #define NAF_ERROR_HORIZON 4 |
Horizon violation.
A flow was dropped because its bin was flushed.
Typedef Documentation
A full aggregated flow; the unification of a flow key and value.
This is convenient for postprocessing and sorting, as in nafilter.
| typedef struct _NAFlowKey NAFlowKey |
An aggregated flow key.
NAF flows are stored and handled internally as a split data structure - a key which identifies the aggregated flow, and a value which counts octets, packets, flows, and hosts associated with it.
| typedef struct _NAFlowMask NAFlowMask |
A flow mask.
Flow masks are used to describe aggregation operations, as well as which values are present in a NAF file.
| typedef struct _NAFlowRaw NAFlowRaw |
A raw flow record.
This is the interface between the various NAF aggregation input facilities and the NAF aggregation core.
| typedef struct _NAFlowVal NAFlowVal |
An aggregated flow value.
Together with an aggregated flow key, stores an aggregated flow.
| typedef struct _NAFlowVUC NAFlowVUC |
Flow Value Unique Counters.
Used internally by nafalize to count unique hosts during aggregation. You shouldn't need this structure outside nafalize.
Function Documentation
Internal debugging routine to dump a flow to standard error.
- Parameters:
-
key key to dump val value to dump inf short string describing type of flow dump
| fbInfoModel_t* nfInfoModel | ( | ) |
Get the NAF application global IPFIX information model, initializing it if necessary.
- Returns:
- the NAF application global IPFIX information model.
| gboolean nfRead | ( | fBuf_t * | fbuf, | |
| NAFlowMask * | mask, | |||
| NAFlowKey * | key, | |||
| NAFlowVal * | val, | |||
| GError ** | err | |||
| ) |
Read a single NAF record from a NAF file.
Takes a libfixbuf message reader previously opened with naf_read_start(), and copies flow key and value into supplied buffers.
- Parameters:
-
fbuf IPFIX message buffer to read message from. mask mask structure filled in by nfReaderForFP(). key pointer to key to fill in with next record in file. val pointer to value to fill in with next record in file. err an error description; required.
- Returns:
- TRUE on success, FALSE otherwise. Check error against FIX_ERROR_EOF to determine if the buffer is at end of file. Check error against FIX_ERROR_EOM to determine if the buffer is not in automatic mode and at end of message.
| fBuf_t* nfReaderForFP | ( | fBuf_t * | fbuf, | |
| FILE * | fp, | |||
| NAFlowMask * | mask, | |||
| GError ** | err | |||
| ) |
Begin reading a NAF file.
Reads the file header and returns a flow mask describing the fields available in the file, and returns a libfixbuf message reader for reading NAF records from the file with naf_read().
- Parameters:
-
fbuf an optional IPFIX message buffer returned from a previous nfReaderForFP() call. If supplied, nfReaderForFP() will reuse the buffer instead of allocating a new one. If supplied and an error occurs, nfReaderForFP() will free the supplied buffer. Pass NULL to allocate a new buffer. fp file pointer to read from. mask pointer to a mask structure to store bin size and fieldmask into. Those fields of the supplied mask will be overwritten. err an error description; required.
- Returns:
- an IPFIX message buffer ready to read NAF records from, or NULL on error.
| gboolean nfWrite | ( | fBuf_t * | fbuf, | |
| NAFlowMask * | mask, | |||
| NAFlowKey * | key, | |||
| NAFlowVal * | val, | |||
| GError ** | err | |||
| ) |
Write a single NAF record to an IPFIX message buffer returned by nfWriterForFP().
Copies and encodes flow key and value into the buffer.
- Parameters:
-
fbuf IPFIX message buffer to write message to. mask mask structure used to open file with nfWriterForFP(). key pointer to key to write to file. val pointer to value to write to file. err an error description; required.
- Returns:
- TRUE on success, FALSE otherwise.
| gboolean nfWriterClose | ( | fBuf_t * | fbuf, | |
| GError ** | err | |||
| ) |
Finish writing a NAF file.
The underlying file pointer passed to nfWriterForFP() is not automatically closed by this call.
- Parameters:
-
fbuf IPFIX message buffer from nfWriterForFP() to close. err an error description, set on failure
- Returns:
- TRUE on success, FALSE otherwise.
| fBuf_t* nfWriterForFP | ( | fBuf_t * | fbuf, | |
| FILE * | fp, | |||
| uint32_t | domain, | |||
| NAFlowMask * | mask, | |||
| GError ** | err | |||
| ) |
Begin writing NAF data to an open file.
Writes a file header for a given file mask and prepares an IPFIX message to write to the file with nfWrite().
- Parameters:
-
fbuf an optional IPFIX message buffer returned from a previous nfWriterForFP() call. If supplied, nfWriterForFP() will reuse the writer instead of allocating a new one. If supplied and an error occurs, nfWriterForFP() will free the supplied writer. Pass NULL to allocate a new reader. fp file pointer to write to. domain observation domain to export flows in mask mask structure to get bin size and fieldmask from. The mask defines which fields will appear in the output. err an error description; required.
- Returns:
- an IPFIX message buffer ready to write NAF records to, or NULL on error.