 |
Myra Canyon
v0.0.1-768
network control
|
|
|
Myra Canyon
v0.0.1-768
network control
|
|
The Flow class represents both sides of a network connection.
More...
#include "Flow.hpp"
Public Member Functions | |
| ~Flow (void) | |
| Destructor. More... | |
| Flow (const FlowHash hash=0) | |
| Constructor. More... | |
| Flow (const Flow &rhs) | |
| Copy constructor for insertion into std::map. More... | |
| Flow & | setup_traffic_exams (void) |
| Setup all of the relevant traffic exams for the given flow. More... | |
| Flow & | setup_port_based_traffic_exams (void) |
| Last-ditch effort at identification uses simplistic port-based exams. More... | |
| Flow & | add_packet (const uint8_t *raw, const std::size_t len, const L2::Ethertype type) |
| Add another packet to this flow, and call the traffic exams. More... | |
| std::string | to_string (void) const |
| Use traffic_types to come up with a text string describing the flow. More... | |
| Flow & | add_type (const Myra::Traffic::Type type) |
| Add a type to traffic_types and set update_in_db if appropriate. More... | |
| Flow & | del_type (const Myra::Traffic::Type type) |
| Remove a type from traffic_types and set update_in_db if appropriate. More... | |
| Flow & | replace_type (const Myra::Traffic::Type old_type, const Myra::Traffic::Type new_type) |
| Remove a type (if it exists) from traffic_types and add a new type. More... | |
| STAT | total_number_of_packets (void) const |
| Get the total number of packets in this flow. More... | |
| STAT | total_number_of_bytes (void) const |
| Get the total number of bytes in this flow. More... | |
| Flow & | replace_example_packet (const Myra::PktInfo &new_info) |
| Replace example packet with this packet. Normally called once a flow has been classified. More... | |
| Flow & | replace_example_packet (const uint8_t *raw, const std::size_t len, const L2::Ethertype type) |
Public Attributes | |
| Myra::DB::Id | db_id |
Database ID for this flow in the flows table. More... | |
| bool | update_in_db |
If something important has changed about this flow (such as a newly-discovered traffic type), set this flag to true to force an update in the database. More... | |
| FlowHash | hash |
| Unique hash for this flow. More... | |
| FlowHash | parent_flow |
| A related or parent flow. More... | |
| Traffic::Types | traffic_types |
| Different things we've identified in this flow. More... | |
| FlowStats | current_stats |
| Current flow statistics. More... | |
| FlowStats | total_stats |
| Total statistics over the entire life of the flow. More... | |
| VBytes | example_packet |
| An example packet from this flow. More... | |
| PktInfo | info |
| Information on this flow taken from the example packet. More... | |
| HostLookupMap | host_map |
| Names and addresses of hosts, such as those discovered in DNS or HTTP flows. More... | |
| SStr | urls |
| URLs, such as those discovered in HTTP flows. More... | |
| FlowTuple | tuple |
| Flow tuple based on the first packet of the flow. More... | |
| IPv4_ADDR | in_addr |
| Inside address. More... | |
| IPv4_ADDR | out_addr |
| Outside address. More... | |
| PORT | in_port |
| Inside port. More... | |
| PORT | out_port |
| Outside port. More... | |
| std::string | address_1_name |
| Formatted name of "source" address and port, such as "10.0.1.9:58325". More... | |
| std::string | address_2_name |
| Formatted name of "destination" address and port, such as "9.8.7.6:443". More... | |
| TrafficExams | traffic_exams |
| All relevant traffic examination functions to call when a new packet arrives. More... | |
The Flow class represents both sides of a network connection.
It includes type information which is obtained by examining packets from the flow.
| Myra::Flow::~Flow | ( | void | ) |
Destructor.
| Myra::Flow::Flow | ( | const FlowHash | hash = 0 | ) |
Constructor.
| Myra::Flow::Flow | ( | const Flow & | rhs | ) |
Copy constructor for insertion into std::map.
| Myra::Flow & Myra::Flow::add_packet | ( | const uint8_t * | raw, |
| const std::size_t | len, | ||
| const L2::Ethertype | type | ||
| ) |
Add another packet to this flow, and call the traffic exams.
|
inline |
Add a type to traffic_types and set update_in_db if appropriate.
|
inline |
Remove a type from traffic_types and set update_in_db if appropriate.
| Myra::Flow & Myra::Flow::replace_example_packet | ( | const Myra::PktInfo & | new_info | ) |
Replace example packet with this packet. Normally called once a flow has been classified.
| Myra::Flow & Myra::Flow::replace_example_packet | ( | const uint8_t * | raw, |
| const std::size_t | len, | ||
| const L2::Ethertype | type | ||
| ) |
|
inline |
Remove a type (if it exists) from traffic_types and add a new type.
| Myra::Flow & Myra::Flow::setup_port_based_traffic_exams | ( | void | ) |
Last-ditch effort at identification uses simplistic port-based exams.
| Myra::Flow & Myra::Flow::setup_traffic_exams | ( | void | ) |
Setup all of the relevant traffic exams for the given flow.
|
inline |
Use traffic_types to come up with a text string describing the flow.
|
inline |
Get the total number of bytes in this flow.
This includes both the current number of bytes and those that have already been written to the database.
|
inline |
Get the total number of packets in this flow.
This includes both the current number of packets and those that have already been written to the database.
| std::string Myra::Flow::address_1_name |
Formatted name of "source" address and port, such as "10.0.1.9:58325".
| std::string Myra::Flow::address_2_name |
Formatted name of "destination" address and port, such as "9.8.7.6:443".
| FlowStats Myra::Flow::current_stats |
Current flow statistics.
These stats have not yet been added to total_stats, nor have they been written to the database. These stats are regularly reset to zero by Myra::DB::record_stats() once a database flow stat record has been written out to the database. This happens approximately every second.
| Myra::DB::Id Myra::Flow::db_id |
Database ID for this flow in the flows table.
This value will be zero until the flow is seen by Myra::Server::flow_rollup_thread().
| VBytes Myra::Flow::example_packet |
An example packet from this flow.
| FlowHash Myra::Flow::hash |
Unique hash for this flow.
| HostLookupMap Myra::Flow::host_map |
Names and addresses of hosts, such as those discovered in DNS or HTTP flows.
| IPv4_ADDR Myra::Flow::in_addr |
Inside address.
| PORT Myra::Flow::in_port |
Inside port.
| PktInfo Myra::Flow::info |
Information on this flow taken from the example packet.
| IPv4_ADDR Myra::Flow::out_addr |
Outside address.
| PORT Myra::Flow::out_port |
Outside port.
| FlowHash Myra::Flow::parent_flow |
A related or parent flow.
| FlowStats Myra::Flow::total_stats |
Total statistics over the entire life of the flow.
These stats do not yet include the statistics in current_stats, since the current_stats are added to total_stats only once the flow rollup event takes place.
| TrafficExams Myra::Flow::traffic_exams |
All relevant traffic examination functions to call when a new packet arrives.
This vector is modified to remove irrelevant exams as additional packets are examined.
| Traffic::Types Myra::Flow::traffic_types |
Different things we've identified in this flow.
| bool Myra::Flow::update_in_db |
If something important has changed about this flow (such as a newly-discovered traffic type), set this flag to true to force an update in the database.
| SStr Myra::Flow::urls |
URLs, such as those discovered in HTTP flows.
1.8.8 