Represents the eight important fields in the ip header that we will use to 'uniquely' identify a packet. More...
Data Fields | |
| uint32_t | src_ip |
| The source IP. | |
| uint32_t | dst_ip |
| A Structure which represents the 3 useful bytes of the destination ip. | |
| uint16_t | src_port |
| The source port (or ICMP type) | |
| uint16_t | dst_port |
| The destination port (or ICMP code) | |
| uint8_t | protocol |
| The protocol. | |
| uint8_t | ttl |
| The TTL. | |
| uint8_t | tcp_flags |
| TCP Flags (excluding NS) | |
| uint16_t | ip_len |
| Length of the IP packet (from the IP header) | |
| uint32_t | packet_cnt |
| The number of packets that comprise this flowtuple This is populated immediately before the tuple is written out. | |
Represents the eight important fields in the ip header that we will use to 'uniquely' identify a packet.
Alberto and i think that most other analysis can be derived from this distribution
This struct will be used as the key for the hash.
Values are stored in network byte order to allow easy (de)serialization Note that since we have a /8, only 3 bytes of the destination IP address are kept (if configured/built with –with-slash-eight)
The 'PACKED' attribute instructs GCC to not do any byte alignment. This allows us to directly write the structure to disk
Definition at line 68 of file corsaro_flowtuple.h.
| uint32_t corsaro_flowtuple::dst_ip |
A Structure which represents the 3 useful bytes of the destination ip.
Definition at line 85 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_hash_func().
| uint16_t corsaro_flowtuple::dst_port |
The destination port (or ICMP code)
Definition at line 92 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint16_t corsaro_flowtuple::ip_len |
Length of the IP packet (from the IP header)
Definition at line 104 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint32_t corsaro_flowtuple::packet_cnt |
The number of packets that comprise this flowtuple This is populated immediately before the tuple is written out.
Definition at line 108 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_add_inc(), corsaro_flowtuple_fprint(), and corsaro_flowtuple_print().
| uint8_t corsaro_flowtuple::protocol |
The protocol.
Definition at line 95 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint32_t corsaro_flowtuple::src_ip |
The source IP.
Definition at line 71 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_get_source_ip(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint16_t corsaro_flowtuple::src_port |
The source port (or ICMP type)
Definition at line 89 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint8_t corsaro_flowtuple::tcp_flags |
TCP Flags (excluding NS)
Definition at line 101 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
| uint8_t corsaro_flowtuple::ttl |
The TTL.
Definition at line 98 of file corsaro_flowtuple.h.
Referenced by corsaro_flowtuple_fprint(), corsaro_flowtuple_hash_func(), and corsaro_flowtuple_print().
![[CAIDA - Cooperative Association for Internet Data Analysis logo]](http://www.caida.org/images/caida_globe_faded.png)
![[CAIDA]](http://www.caida.org/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}