26 #ifndef __CORSARO_FLOWTUPLE_H
27 #define __CORSARO_FLOWTUPLE_H
76 #ifdef CORSARO_SLASH_EIGHT
216 corsaro_flowtuple_class_start_t *
class);
233 corsaro_flowtuple_class_end_t *
class);
/**
 * Size of one flowtuple in bytes, taken as sizeof(struct corsaro_flowtuple).
 *
 * NOTE(review): sizeof includes any compiler-inserted padding, so this matches
 * the serialized record length only if the struct is declared packed (the
 * declaration is not visible in this listing) -- confirm before using this
 * value to size or bounds-check reads of records from an input file.
 */
291 #define CORSARO_FLOWTUPLE_BYTECNT (sizeof(struct corsaro_flowtuple))
/**
 * Store the 32-bit destination address n32 into (flowtuple)->dst_ip.
 *
 * With CORSARO_SLASH_EIGHT defined, only three bytes are kept: each of
 * dst_ip.b, dst_ip.c and dst_ip.d is produced by masking n32 with an htonl()
 * constant and shifting the result right by 8, 16 or 24 bits. Without it,
 * n32 is assigned to dst_ip unchanged.
 *
 * Only some lines of each expansion are shown in this listing, so the
 * statement wrapper around these assignments cannot be seen here.
 *
 * Caller notes:
 *  - n32 is expanded without its own parentheses inside (n32 & ...), and up to
 *    three times. Pass a plain variable: an argument containing an operator
 *    that binds looser than & (for example |) would be regrouped, and an
 *    argument with side effects would be evaluated repeatedly.
 *  - NOTE(review): masking with htonl(0x00FF0000) and then shifting by 8 lands
 *    the byte in the low 8 bits only on a little-endian host; where htonl() is
 *    the identity the result sits in bits 8-15 instead. Presumably b, c and d
 *    are 8-bit fields and the code targets little-endian hosts -- confirm.
 */
295 #ifdef CORSARO_SLASH_EIGHT
296 #define CORSARO_FLOWTUPLE_IP_TO_SIXT(n32, flowtuple) \
298 (flowtuple)->dst_ip.b = ((n32 & htonl(0x00FF0000)) >> 8); \
299 (flowtuple)->dst_ip.c = ((n32 & htonl(0x0000FF00)) >> 16); \
300 (flowtuple)->dst_ip.d = ((n32 & htonl(0x000000FF)) >> 24); \
303 #define CORSARO_FLOWTUPLE_IP_TO_SIXT(n32, flowtuple) \
305 (flowtuple)->dst_ip = n32; \
/**
 * Rebuild a 32-bit destination address from (flowtuple)->dst_ip.
 *
 * With CORSARO_SLASH_EIGHT defined, the value is the bitwise OR of
 * CORSARO_SLASH_EIGHT itself with dst_ip.b << 8, dst_ip.c << 16 and
 * dst_ip.d << 24, so the macro's value supplies the low-order byte as well as
 * acting as the build switch. Without it, the expansion is simply dst_ip.
 *
 * NOTE(review): the field declarations are not visible here. If b, c and d
 * are 8-bit fields they are promoted to int before the shift, and
 * dst_ip.d << 24 with d >= 0x80 shifts into the sign bit of a signed int,
 * which is undefined behaviour in C; casting each field to uint32_t before
 * shifting would avoid that -- confirm against the struct definition.
 * NOTE(review): CORSARO_SLASH_EIGHT is presumably expected to fit in the low
 * 8 bits; a wider value would overlap the shifted bytes -- confirm where it
 * is defined.
 */
310 #ifdef CORSARO_SLASH_EIGHT
311 #define CORSARO_FLOWTUPLE_SIXT_TO_IP(flowtuple) \
313 CORSARO_SLASH_EIGHT | \
314 (flowtuple)->dst_ip.b << 8 | \
315 (flowtuple)->dst_ip.c << 16 | \
316 (flowtuple)->dst_ip.d << 24 \
319 #define CORSARO_FLOWTUPLE_SIXT_TO_IP(flowtuple) \
320 ((flowtuple)->dst_ip)
/**
 * Mix one value into a running hash: h ^= (h<<5) + (h>>27) + (value).
 *
 * The macro reads and writes a variable named h that must already exist in
 * the scope where it is expanded; it is not a parameter. The expansion is a
 * bare assignment expression with no enclosing parentheses or trailing
 * semicolon, so use it as a statement of its own.
 *
 * NOTE(review): (h<<5) and (h>>27) together act as a 5-bit rotation only if
 * h is a 32-bit unsigned integer -- confirm the type at the expansion site.
 * NOTE(review): the mixing step is unkeyed. If the values fed in are packet
 * header fields chosen by remote senders, which bucket a tuple lands in is
 * predictable to them, so worst-case hash-table behaviour should be budgeted
 * for rather than assuming a uniform spread -- confirm how the result is used.
 */
324 #define CORSARO_FLOWTUPLE_SHIFT_AND_XOR(value) h ^= (h<<5) + (h>>27) + (value)
/**
 * Field-by-field equality test for two flowtuple pointers.
 *
 * The visible comparisons cover src_ip, dst_ip, src_port, dst_port, protocol,
 * ttl, tcp_flags and ip_len, joined with &&. With CORSARO_SLASH_EIGHT defined
 * the destination is compared as its three members dst_ip.b, dst_ip.c and
 * dst_ip.d; otherwise dst_ip is compared as a single value. No other field
 * (for example a packet counter) appears in the visible lines, so tuples that
 * differ only outside these eight fields compare equal.
 *
 * Both arguments are expanded once per compared field, so pass plain pointers
 * and never an expression with side effects. Neither pointer is checked for
 * NULL.
 *
 * Only some lines of each expansion are shown in this listing; the lines that
 * open and close the expression are not visible here.
 */
358 #ifdef CORSARO_SLASH_EIGHT
359 #define corsaro_flowtuple_hash_equal(alpha, bravo) \
361 (alpha)->src_ip == (bravo)->src_ip && \
362 (alpha)->dst_ip.b == (bravo)->dst_ip.b && \
363 (alpha)->dst_ip.c == (bravo)->dst_ip.c && \
364 (alpha)->dst_ip.d == (bravo)->dst_ip.d && \
365 (alpha)->src_port == (bravo)->src_port && \
366 (alpha)->dst_port == (bravo)->dst_port && \
367 (alpha)->protocol == (bravo)->protocol && \
368 (alpha)->ttl == (bravo)->ttl && \
369 (alpha)->tcp_flags == (bravo)->tcp_flags && \
370 (alpha)->ip_len == (bravo)->ip_len \
373 #define corsaro_flowtuple_hash_equal(alpha, bravo) \
375 (alpha)->src_ip == (bravo)->src_ip && \
376 (alpha)->dst_ip == (bravo)->dst_ip && \
377 (alpha)->src_port == (bravo)->src_port && \
378 (alpha)->dst_port == (bravo)->dst_port && \
379 (alpha)->protocol == (bravo)->protocol && \
380 (alpha)->ttl == (bravo)->ttl && \
381 (alpha)->tcp_flags == (bravo)->tcp_flags && \
382 (alpha)->ip_len == (bravo)->ip_len \
/**
 * Less-than comparison of two flowtuple pointers, built as a chain of
 * "field is smaller, or field is equal and ..." tests.
 *
 * In the visible lines the fields are tested in this order: protocol, ttl,
 * tcp_flags, src_ip, destination address, src_port, dst_port, ip_len. With
 * CORSARO_SLASH_EIGHT defined the destination is tested as dst_ip.d, then
 * dst_ip.c, then dst_ip.b; otherwise dst_ip is tested as a single value.
 * These are the same eight fields that corsaro_flowtuple_hash_equal compares.
 *
 * NOTE(review): src_ip and dst_ip are compared as stored. If they are kept in
 * network byte order, the resulting order is consistent but is not numeric
 * address order on a little-endian host -- confirm before relying on sorted
 * output for range queries.
 *
 * Both arguments are expanded many times, so pass plain pointers and never an
 * expression with side effects. Neither pointer is checked for NULL.
 *
 * Only some lines of each expansion are shown in this listing; the grouping
 * parentheses between the visible lines are not visible here.
 */
391 #ifdef CORSARO_SLASH_EIGHT
392 #define corsaro_flowtuple_lt(alpha, bravo) \
394 ((alpha)->protocol < (bravo)->protocol) || \
396 ((alpha)->protocol == (bravo)->protocol) && \
398 ((alpha)->ttl < (bravo)->ttl) || \
400 ((alpha)->ttl == (bravo)->ttl) && \
402 ((alpha)->tcp_flags < (bravo)->tcp_flags) || \
404 ((alpha)->tcp_flags == (bravo)->tcp_flags) && \
406 ((alpha)->src_ip < (bravo)->src_ip) || \
408 ((alpha)->src_ip == (bravo)->src_ip) && \
410 ((alpha)->dst_ip.d < (bravo)->dst_ip.d) || \
412 ((alpha)->dst_ip.d == (bravo)->dst_ip.d) && \
414 ((alpha)->dst_ip.c < (bravo)->dst_ip.c) || \
416 ((alpha)->dst_ip.c == (bravo)->dst_ip.c) && \
418 ((alpha)->dst_ip.b < (bravo)->dst_ip.b) || \
420 ((alpha)->dst_ip.b == (bravo)->dst_ip.b) && \
422 ((alpha)->src_port < (bravo)->src_port) || \
424 ((alpha)->src_port == (bravo)->src_port) && \
426 ((alpha)->dst_port < (bravo)->dst_port) || \
428 ((alpha)->dst_port == (bravo)->dst_port) && \
430 ((alpha)->ip_len < (bravo)->ip_len) \
451 #define corsaro_flowtuple_lt(alpha, bravo) \
453 ((alpha)->protocol < (bravo)->protocol) || \
455 ((alpha)->protocol == (bravo)->protocol) && \
457 ((alpha)->ttl < (bravo)->ttl) || \
459 ((alpha)->ttl == (bravo)->ttl) && \
461 ((alpha)->tcp_flags < (bravo)->tcp_flags) || \
463 ((alpha)->tcp_flags == (bravo)->tcp_flags) && \
465 ((alpha)->src_ip < (bravo)->src_ip) || \
467 ((alpha)->src_ip == (bravo)->src_ip) && \
469 ((alpha)->dst_ip < (bravo)->dst_ip) || \
471 ((alpha)->dst_ip == (bravo)->dst_ip) && \
473 ((alpha)->src_port < (bravo)->src_port) || \
475 ((alpha)->src_port == (bravo)->src_port) && \
477 ((alpha)->dst_port < (bravo)->dst_port) || \
479 ((alpha)->dst_port == (bravo)->dst_port) && \
481 ((alpha)->ip_len < (bravo)->ip_len) \
Header file dealing with the corsaro plugin manager.
The highest class value currently in use.
An opaque structure defining a corsaro output file.
This packet is a backscatter packet.
uint32_t corsaro_flowtuple_get_source_ip(struct corsaro_flowtuple *flowtuple)
Get the source IP of the tuple in network byte order.
A reusable opaque structure for corsaro to read an input record into.
uint16_t class_type
The type of class (of type corsaro_flowtuple_class_type_t)
corsaro_flowtuple_class_type
Possible classification types for a flowtuple.
off_t corsaro_flowtuple_record_fprint(corsaro_t *corsaro, corsaro_file_t *file, corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
Write a generic flowtuple record to the given corsaro file in ascii.
int corsaro_flowtuple_probe_file(corsaro_in_t *corsaro, const char *fturi)
Determine if the file given contains flowtuple data.
uint16_t ip_len
Length of the IP packet (from the IP header)
This packet is an ICMP Request packet.
void corsaro_flowtuple_class_start_print(corsaro_flowtuple_class_start_t *class)
Write a flowtuple class start record to stdout in ascii format.
uint32_t dst_ip
A Structure which represents the 3 useful bytes of the destination ip.
Represents the start record of a flowtuple class.
void corsaro_flowtuple_free(struct corsaro_flowtuple *t)
Free memory allocated for a flowtuple structure.
Represents the end record of a flowtuple class.
uint32_t count
The number of flowtuples in the class.
uint32_t corsaro_flowtuple_get_destination_ip(struct corsaro_flowtuple *flowtuple)
Get the destination IP of the tuple in network byte order.
uint16_t dst_port
The destination port (or ICMP code)
void corsaro_flowtuple_class_end_print(corsaro_flowtuple_class_end_t *class)
Write a flowtuple class end record to stdout in ascii format.
enum corsaro_flowtuple_class_type corsaro_flowtuple_class_type_t
Possible classification types for a flowtuple.
static corsaro_in_record_t * record
A pointer to a corsaro record.
void corsaro_flowtuple_print(struct corsaro_flowtuple *flowtuple)
Write a flowtuple to stdout in ascii format.
khint32_t corsaro_flowtuple_hash_func(struct corsaro_flowtuple *ft)
Hash the given flowtuple into a 32bit value.
uint16_t src_port
The source port (or ICMP type)
off_t corsaro_flowtuple_fprint(corsaro_t *corsaro, corsaro_file_t *file, struct corsaro_flowtuple *flowtuple)
Write a flowtuple to the given corsaro file in ascii.
Represents the eight important fields in the ip header that we will use to 'uniquely' identify a pack...
uint32_t magic
The flowtuple magic number 'SIXT'.
int corsaro_flowtuple_add_inc(void *hash, struct corsaro_flowtuple *t, uint32_t increment)
Either add the given flowtuple to the hash, or increment the current count.
uint8_t tcp_flags
TCP Flags (excluding NS)
uint16_t class_type
The type of class (of type corsaro_flowtuple_class_type_t)
uint32_t magic
The flowtuple magic number 'SIXT' (or 'SIXU' if not using /8 opts)
The packet is not backscatter, not ICMP Request.
int corsaro_flowtuple_record_print(corsaro_in_record_type_t record_type, corsaro_in_record_t *record)
Write a generic flowtuple record to stdout in ascii format.
uint32_t packet_cnt
The number of packets that comprise this flowtuple. This is populated immediately before the tuple is ...
uint32_t src_ip
The source IP.
uint8_t protocol
The protocol.
enum corsaro_in_record_type corsaro_in_record_type_t
Corsaro input record types.
off_t corsaro_flowtuple_class_end_fprint(corsaro_t *corsaro, corsaro_file_t *file, corsaro_flowtuple_class_end_t *class)
Write a flowtuple class end record to the given corsaro file in ascii.
#define CORSARO_PLUGIN_GENERATE_PROTOS(plugin)
Convenience macro that defines all the function prototypes for the corsaro plugin API...
off_t corsaro_flowtuple_class_start_fprint(corsaro_t *corsaro, corsaro_file_t *file, corsaro_flowtuple_class_start_t *class)
Write a flowtuple class start record to the given corsaro file in ascii.