yafrag.h File Reference
#include <yaf/autoinc.h>
#include <yaf/decode.h>
#include <yaf/yafcore.h>

Typedefs

typedef struct yfFragTab_st yfFragTab_t
 A fragment table.

Functions

yfFragTab_t * yfFragTabAlloc (uint32_t idle_ms, uint32_t max_frags, uint32_t max_payload)
 Allocate a fragment table.

void yfFragTabFree (yfFragTab_t *fragtab)
 Free a fragment table.

gboolean yfDefragPBuf (yfFragTab_t *fragtab, yfIPFragInfo_t *fraginfo, size_t pbuflen, yfPBuf_t *pbuf, const uint8_t *pkt, size_t hdr_len)
 Defragment a fragment returned by yfDecodeToPBuf().

void yfFragDumpStats (yfFragTab_t *fragtab, uint64_t packetTotal)
 Print fragment reassembler statistics to the log.

void yfGetFragTabStats (yfFragTab_t *fragtab, uint32_t *dropped, uint32_t *assembled, uint32_t *frags)
 Get fragment statistics for yfWriteStatsFlow, for stats export.

Detailed Description

Fragment reassembly interface for YAF.

This facility is used by the YAF flow generator.

Typedef Documentation

typedef struct yfFragTab_st yfFragTab_t

A fragment table.

Opaque. Create with yfFragTabAlloc() and free with yfFragTabFree().

Function Documentation

gboolean yfDefragPBuf (yfFragTab_t *fragtab, yfIPFragInfo_t *fraginfo, size_t pbuflen, yfPBuf_t *pbuf, const uint8_t *pkt, size_t hdr_len)

Defragment a fragment returned by yfDecodeToPBuf().

This adds the fragment to the given fragment table. If the fragment completes a fragmented packet, copies the assembled packet into the given pbuf, overwriting it, and returns TRUE. If the packet is not fragmented (that is, if fraginfo->frag is 0), has no effect and returns TRUE.

Parameters
    fragtab    fragment table to add fragment to
    fraginfo   fragment information structure filled in by yfDecodeToPBuf()
    pbuflen    size of the packet buffer pbuf
    pbuf       packet buffer. On call, contains decoded fragmented packet to add to the fragment table. If this call returns TRUE, on return, contains assembled packet.
    pkt        packet buffer from libpcap. We need this to reassemble (memcpy) TCP header fragments when payload is not enabled.
    hdr_len    size of the packet buffer pkt
Returns
    TRUE if pbuf is valid and contains an assembled packet, FALSE otherwise.

void yfFragDumpStats (yfFragTab_t *fragtab, uint64_t packetTotal)

Print fragment reassembler statistics to the log.

Parameters
    fragtab       fragment table to dump stats for
    packetTotal   total number of packets observed

yfFragTab_t * yfFragTabAlloc (uint32_t idle_ms, uint32_t max_frags, uint32_t max_payload)

Allocate a fragment table.

Parameters
    idle_ms       idle timeout in milliseconds. A fragmented packet for which no fragments are received over an idle timeout is dropped. Most host IPv4 implementations use 30 seconds (30000); it is recommended to use the same here.
    max_frags     maximum number of unreassembled fragmented packets. Fragmented packets exceeding this limit will be dropped in least-recent order. Used to limit resource usage of a fragment table. A value of 0 disables fragment count limits.
    max_payload   maximum octets of payload to capture per fragmented packet. A value of 0 disables payload reassembly.
Returns
    a new fragment table.
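
The idle_ms and max_frags limits described above bound how much state a stream of never-completed fragmented packets can hold in the table. The following is an added example, not YAF's code: a self-contained model of the two documented drop rules (idle expiry and least-recent eviction). The names model_tab_t, model_init, model_add, CAP and the integer packet key are hypothetical, and the strictly-greater-than idle comparison is an assumption.

```c
#include <stdint.h>
#include <string.h>

#define CAP 64   /* storage bound of this model only, not a YAF value */

typedef struct { uint32_t key; uint64_t last_ms; int used; } slot_t;
typedef struct {
    uint32_t idle_ms, max_frags;   /* same meaning as the parameters above */
    uint32_t active, dropped;      /* packets in reassembly / packets dropped */
    slot_t   slot[CAP];
} model_tab_t;

void model_init(model_tab_t *t, uint32_t idle_ms, uint32_t max_frags) {
    memset(t, 0, sizeof(*t));
    t->idle_ms = idle_ms;
    t->max_frags = max_frags;
}

static void model_drop(model_tab_t *t, slot_t *s) {
    s->used = 0; t->active--; t->dropped++;
}

/* Record one fragment of packet `key` seen at now_ms (non-decreasing).
 * Returns 0 on success, -1 if the model's own storage (CAP) is full. */
int model_add(model_tab_t *t, uint32_t key, uint64_t now_ms) {
    slot_t *hit = NULL, *free_s = NULL, *oldest = NULL;
    for (int i = 0; i < CAP; i++) {
        slot_t *s = &t->slot[i];
        /* idle expiry: no fragment seen for longer than idle_ms (assumed >) */
        if (s->used && now_ms - s->last_ms > t->idle_ms) model_drop(t, s);
        if (!s->used) { if (!free_s) free_s = s; continue; }
        if (s->key == key) hit = s;
        if (!oldest || s->last_ms < oldest->last_ms) oldest = s;
    }
    if (hit) { hit->last_ms = now_ms; return 0; }   /* refresh idle timer */
    /* count limit: evict the least-recently updated packet; 0 disables it */
    if (t->max_frags && t->active >= t->max_frags && oldest) {
        model_drop(t, oldest);
        free_s = oldest;
    }
    if (!free_s) return -1;
    free_s->key = key; free_s->last_ms = now_ms; free_s->used = 1;
    t->active++;
    return 0;
}
```

With max_frags set to 0 only the idle timeout reclaims entries, so the table can grow with the number of distinct incomplete packets seen inside one idle window.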

void yfFragTabFree (yfFragTab_t *fragtab)

Free a fragment table.

Discards any outstanding fragmented packets within.

Parameters
    fragtab   a fragment table.

void yfGetFragTabStats (yfFragTab_t *fragtab, uint32_t *dropped, uint32_t *assembled, uint32_t *frags)

Get fragment statistics for yfWriteStatsFlow, for stats export.

Parameters
    fragtab     pointer to fragmentation table
    dropped     number of expired fragments
    assembled   number of assembled packets
    frags       number of fragments