yfFlow_st Struct Reference
A YAF flow. More...
#include <yafcore.h>
Data Fields | |
| uint64_t | stime |
| Flow start time in epoch milliseconds. | |
| uint64_t | etime |
| Flow end time in epoch milliseconds. | |
| void * | hfctx [YAF_MAX_HOOKS] |
| Hook flow context array. | |
| int32_t | rdtime |
| uint16_t | appLabel |
| Application label for this flow. | |
| uint8_t | reason |
| Flow termination reason (YAF_END_ macros, per IPFIX standard). | |
| uint8_t | pcap_serial |
| Keep track of number of pcap files for this flow. | |
| uint8_t | sourceMacAddr [ETHERNET_MAC_ADDR_LENGTH] |
| src Mac Address | |
| uint8_t | destinationMacAddr [ETHERNET_MAC_ADDR_LENGTH] |
| destination Mac Address | |
| uint8_t | pcap_file_no |
| Pcap File "ID" so we know when to make entries in metadata file. | |
| pcap_dumper_t * | pcap |
| Pcap File Ptr. | |
| uint8_t | pktdir |
| non empty packet directions, 1, or 0 | |
| yfFlowVal_t | val |
| Forward value. | |
| yfFlowVal_t | rval |
| Reverse value. | |
| yfFlowKey_t | key |
| Flow key. | |
Detailed Description
A YAF flow.
Joins a flow key with forward and reverse flow values in time.
- Note:
- if you edit the layout of this structure, you must make a corresponding edit of the yfFlowIPv4_t structure in yaftab.c
Field Documentation
| void* yfFlow_st::hfctx[YAF_MAX_HOOKS] |
Hook flow context array.
Used by extensions to store per-flow state. An array of ptr's - one per hook.
The documentation for this struct was generated from the following file: