yfFlow_st Struct Reference

#include <yafcore.h>

Data Fields

uint64_t stime
 Flow start time in epoch milliseconds.
uint64_t etime
 Flow end time in epoch milliseconds.
int32_t rdtime
uint8_t reason
 Flow termination reason (YAF_END_ macros, per IPFIX standard)
uint8_t pcap_serial
 Keep track of number of pcap files for this flow.
uint8_t sourceMacAddr [ETHERNET_MAC_ADDR_LENGTH]
 src Mac Address
uint8_t destinationMacAddr [ETHERNET_MAC_ADDR_LENGTH]
 destination Mac Address
uint8_t pcap_file_no
 Pcap File "ID" so we know when to make entries in metadata file.
uint8_t pktdir
 non empty packet directions, 1, or 0
uint8_t rtos
 reverse ToS (fwd in flowKey)
pcap_dumper_t * pcap
 Pcap File Ptr.
yfMPTCPFlow_t mptcp
 MPTCP Flow.
yfFlowVal_t val
 Forward value.
yfFlowVal_t rval
 Reverse value.
yfFlowKey_t key
 Flow key.

Detailed Description

A YAF flow.

Joins a flow key with forward and reverse flow values in time.

if you edit the layout of this structure, you must make a corresponding edit of the yfFlowIPv4_t structure in yaftab.c

The documentation for this struct was generated from the following file: