yafrag.h File Reference
Fragment reassembly interface for YAF. More...
#include <yaf/autoinc.h>#include <yaf/decode.h>#include <yaf/yafcore.h>Go to the source code of this file.
Typedefs | |
| typedef struct yfFragTab_st | yfFragTab_t |
| A fragment table. | |
Functions | |
| yfFragTab_t * | yfFragTabAlloc (uint32_t idle_ms, uint32_t max_frags, uint32_t max_payload) |
| Allocate a fragment table. | |
| void | yfFragTabFree (yfFragTab_t *fragtab) |
| Free a fragment table. | |
| gboolean | yfDefragPBuf (yfFragTab_t *fragtab, yfIPFragInfo_t *fraginfo, size_t pbuflen, yfPBuf_t *pbuf, const uint8_t *pkt, size_t hdr_len) |
| Defragment a fragment returned by yfDecodeToPBuf(). | |
| void | yfFragDumpStats (yfFragTab_t *fragtab, uint64_t packetTotal) |
| Print fragment reassembler statistics to the log. | |
| void | yfGetFragTabStats (yfFragTab_t *fragtab, uint32_t *dropped, uint32_t *assembled) |
| Get Frag Stats to yfWriteStatsFlow for Stats Export. | |
Detailed Description
Fragment reassembly interface for YAF.
[TODO - new frontmatter]
This facility is used by the YAF flow generator.
Typedef Documentation
| typedef struct yfFragTab_st yfFragTab_t |
A fragment table.
Opaque. Create with yfFragTabAlloc() and free with yfFragTabFree().
Function Documentation
| gboolean yfDefragPBuf | ( | yfFragTab_t * | fragtab, | |
| yfIPFragInfo_t * | fraginfo, | |||
| size_t | pbuflen, | |||
| yfPBuf_t * | pbuf, | |||
| const uint8_t * | pkt, | |||
| size_t | hdr_len | |||
| ) |
Defragment a fragment returned by yfDecodeToPBuf().
This adds the fragment to the given fragment table. If the fragment completes a fragmented packet, copies the assembled packet into the given pbuf, overwriting it, and returns TRUE. If the packet is not fragmented (that is, if fraginfo->frag is 0), has no effect and returns TRUE.
- Parameters:
-
fragtab fragment table to add fragment to fraginfo fragment information structure filled in by yfDecodeToPBuf() pbuflen size of the packet buffer pbuf pbuf packet buffer. On call, contains decoded fragmented packet to add to the fragment table. If this call returns TRUE, on return, contains assembled packet. pkt pkt buffer from libpcap. We need this to reassemble (memcpy) TCP header fragments when payload is not enabled. hdr_len size of the packet buffer pkt
- Returns:
- TRUE if pbuf is valid and contains an assembled packet, FALSE otherwise.
| void yfFragDumpStats | ( | yfFragTab_t * | fragtab, | |
| uint64_t | packetTotal | |||
| ) |
Print fragment reassembler statistics to the log.
- Parameters:
-
fragtab fragment table to dump stats for packetTotal total number of packets observed
| yfFragTab_t* yfFragTabAlloc | ( | uint32_t | idle_ms, | |
| uint32_t | max_frags, | |||
| uint32_t | max_payload | |||
| ) |
Allocate a fragment table.
- Parameters:
-
idle_ms idle timeout in milliseconds. A fragmented packet for which no fragments are received over an idle timeout is dropped. Most host IPv4 implementations use 30 seconds (30000); it is recommended to use the same here. max_frags maximum number of unreassembled fragmented packets. Fragmented packets exceeding this limit will be dropped in least-recent order. Used to limit resource usage of a fragment table. A value of 0 disables fragment count limits. max_payload maximum octets of payload to capture per fragmented packet. A value of 0 disables payload reassembly.
- Returns:
- a new fragment table.
| void yfFragTabFree | ( | yfFragTab_t * | fragtab | ) |
Free a fragment table.
Discards any outstanding fragmented packets within.
- Parameters:
-
fragtab a fragment table.
| void yfGetFragTabStats | ( | yfFragTab_t * | fragtab, | |
| uint32_t * | dropped, | |||
| uint32_t * | assembled | |||
| ) |
Get Frag Stats to yfWriteStatsFlow for Stats Export.
- Parameters:
-
fragtab pointer to fragmentation table dropped number of expired fragments assembled number of assembled packets