Go to the source code of this file.
Data Structures | |
| struct | yfFlowTabConfig_st |
| Configuration settings used to initalize the flow table in yfFlowTabAlloc(). More... | |
| struct | yfFlowTabStats_st |
| Flow table statistics. More... | |
Macros | |
| #define | YAF_STAT_CLOSED_SIZE 6 |
| Size of yfFlowTabStats_t.stat_closed[] table for holding YAF_END_* reasons. | |
Typedefs | |
| typedef struct yfFlowTab_st | yfFlowTab_t |
| A flow table. | |
| typedef struct yfFlowTabConfig_st | yfFlowTabConfig_t |
| Configuration settings used to initalize the flow table in yfFlowTabAlloc(). | |
| typedef struct yfFlowTabStats_st | yfFlowTabStats_t |
| Flow table statistics. | |
Functions | |
| yfFlowTab_t * | yfFlowTabAlloc (const yfFlowTabConfig_t *ftconfig, void **hfctx) |
| yfFlowTabAlloc | |
| void | yfFlowTabFree (yfFlowTab_t *flowtab) |
| Free a previously allocated flow table. | |
| void | yfUpdateRollingPcapFile (yfFlowTab_t *flowtab, char *new_file_name) |
| Update the Pcap Filename in the Flowtab for pcap meta data output. | |
| void | yfFlowTabGetStats (const yfFlowTab_t *flowtab, yfFlowTabStats_t *tabstats) |
| Fills tabstats with a copy of the current statistics for the flow table. | |
| void | yfFlowPBuf (yfFlowTab_t *flowtab, size_t pbuflen, yfPBuf_t *pbuf) |
| Add a decoded packet buffer to a given flow table. | |
| gboolean | yfFlowTabFlush (void *yfContext, gboolean close, GError **err) |
| Flush closed flows in the given flow table to the given IPFIX Message Buffer. | |
| void | yfFlowTabCurrentTime (const yfFlowTab_t *flowtab, yfTime_t *yftime) |
| Get the current packet clock from a flow table. | |
| uint64_t | yfFlowTabDumpStats (yfFlowTab_t *flowtab, GTimer *timer) |
| Print flow table statistics to the log. | |
Detailed Description
Flow generation interface for YAF.
[TODO - frontmatter]
This facility is used by YAF to assemble packets into flows.
Macro Definition Documentation
◆ YAF_STAT_CLOSED_SIZE
| #define YAF_STAT_CLOSED_SIZE 6 |
Size of yfFlowTabStats_t.stat_closed[] table for holding YAF_END_* reasons.
(YAF_END_* are defined in yafcore.h.) Values 1 to YAF_STAT_CLOSED_SIZE-1 get their own bins; Values YAF_STAT_CLOSED_SIZE and larger go into bin 0.
Typedef Documentation
◆ yfFlowTab_t
| typedef struct yfFlowTab_st yfFlowTab_t |
A flow table.
Opaque. Create with yfFlowTabAlloc() and free with yfFlowTabFree().
◆ yfFlowTabStats_t
| typedef struct yfFlowTabStats_st yfFlowTabStats_t |
Flow table statistics.
Unless otherwise noted, all values are relative to yaf's invocation.
Function Documentation
◆ yfFlowPBuf()
| void yfFlowPBuf | ( | yfFlowTab_t * | flowtab, |
| size_t | pbuflen, | ||
| yfPBuf_t * | pbuf ) |
Add a decoded packet buffer to a given flow table.
Adds the packet to the flow to which it belongs, creating a new flow if necessary. Causes the flow to which it belongs to time out if it is longer than the active timeout. Closes the flow if the flow closure conditions (TCP RST, TCP FIN four-way teardown) are met.
- Parameters
-
flowtab flow table to add the packet to pbuflen size of the packet buffer pbuf pbuf packet buffer containing decoded packet to add.
◆ yfFlowTabAlloc()
| yfFlowTab_t * yfFlowTabAlloc | ( | const yfFlowTabConfig_t * | ftconfig, |
| void ** | hfctx ) |
yfFlowTabAlloc
Allocate a flow table.
- Parameters
-
ftconfig The configuration settings to use for the table. hfctx The plugin hooks context variable (NULL if plugins not enabled)
- Returns
- a new flow table.
◆ yfFlowTabCurrentTime()
| void yfFlowTabCurrentTime | ( | const yfFlowTab_t * | flowtab, |
| yfTime_t * | yftime ) |
Get the current packet clock from a flow table.
- Parameters
-
flowtab a flow table output variable where the function stores the current packet clock
◆ yfFlowTabDumpStats()
| uint64_t yfFlowTabDumpStats | ( | yfFlowTab_t * | flowtab, |
| GTimer * | timer ) |
Print flow table statistics to the log.
- Parameters
-
flowtab flow table to dump stats for timer a GTimer containing the runtime (for packet and flow rate logging). May be NULL to suppress rate logging.
◆ yfFlowTabFlush()
| gboolean yfFlowTabFlush | ( | void * | yfContext, |
| gboolean | close, | ||
| GError ** | err ) |
Flush closed flows in the given flow table to the given IPFIX Message Buffer.
Causes any idle flows to time out, removing them from the active flow table; also enforces the flow table's resource limit. If close is TRUE, additionally closes all active flows and flushes as well.
- Parameters
-
yfContext YAF thread context structure, holds pointers for the flowtable from which to flush flows and the fbuf, the destination to which the flows should be flushed close close all active flows before flushing err An error description pointer; must not be NULL.
- Returns
- TRUE on success, FALSE otherwise.
◆ yfFlowTabFree()
| void yfFlowTabFree | ( | yfFlowTab_t * | flowtab | ) |
Free a previously allocated flow table.
Discards any outstanding active flows without closing or flushing them; use yfFlowTabFlush() with close set to TRUE before yfFlowTabFree() to do this.
- Parameters
-
flowtab a flow table allocated by yfFlowTabAlloc()
◆ yfFlowTabGetStats()
| void yfFlowTabGetStats | ( | const yfFlowTab_t * | flowtab, |
| yfFlowTabStats_t * | tabstats ) |
Fills tabstats with a copy of the current statistics for the flow table.
- Parameters
-
flowtab flow table tabstats destination for the flow table's statistics
◆ yfUpdateRollingPcapFile()
| void yfUpdateRollingPcapFile | ( | yfFlowTab_t * | flowtab, |
| char * | new_file_name ) |
Update the Pcap Filename in the Flowtab for pcap meta data output.
- Parameters
-
flowtab pointer to flow table new_file_name the filename of the next pcap file to write to
