YAF Core Library

Introduction

The YAF Core Library (libyaf) provides YAF file and stream I/O primitives for reading and writing YAF bidirectional flow data in IPFIX files and via the IPFIX protocol. It also provides packet decode, fragment reassembly, and flow generation routines for YAF.

yafcore.h provides the YAF I/O interface. The packet decode interface is defined in decode.h. The fragment reassembly interface is defined in yafrag.h, and the flow generator interface is defined in yaftab.h.

picq.h defines a generic pickable queue used in fragment reassembly and flow generation.

Building

The YAF Core Library is automatically built and installed as part of the YAF installation process.

Copyright

YAF is copyright 2006-2023 Carnegie Mellon University, and is released under the GNU General Public License. See the COPYING file in the distribution for details.

YAF was developed at the CERT Network Situational Awareness Group by Brian Trammell and the CERT Network Situational Awareness Group Engineering Team.