SSF.OS.NetFlow
Class IpNetFlow

java.lang.Object
  |
  +--SSF.OS.NetFlow.NetFlow
        |
        +--SSF.OS.NetFlow.IpNetFlow
Direct Known Subclasses:
IpNetFlowWD

public class IpNetFlow
extends NetFlow


Field Summary
 int dOctets
          size of data in the flow This is not completely the same as in cisco
 int dPkts
          number of packets in the flow
 byte dst_mask
          destination IP suffix mask
 int dstAddr
          Destinatio IP (prefix) address
 float First
          start time
 short input
          index of the input NIC
 float Last
          the last time a packet of this flow arrives
 int nextHop
          IP of the next Hop.
 java.lang.String nhi
          NHI address of the collector, not including the interface ID
 short output
          index of the output NIC
 byte protocol
          IP protocol type
 byte src_mask
          source IP suffix mask
 int srcAddr
          Source IP (prefix) address
 byte tcp_flags
          cumulative OR of TCP flags
 
Fields inherited from class SSF.OS.NetFlow.NetFlow
next
 
Constructor Summary
IpNetFlow()
          default constructor
IpNetFlow(IpHeader ipPacket, short inID, short outID, float curTime, java.lang.String nhiAddr, byte srcMask, byte dstMask)
          construct a new flow from an ip packet
 
Method Summary
 boolean acceptPacket(ProtocolMessage packet)
          Check whether the given packet belongs to this flow.
 void dumpBinaryOut(java.io.DataOutputStream outStream)
          Dump the flow to a stream.
 byte[] dumpToBytes()
          Generate a byte array from this record.
 java.lang.Long makeKey()
          Construct a key for this flow based on srcAddr and dstAddr key is (srcAddr << 32)+dstAddr
This is used in for IpNetFlow.
static java.lang.Long makeKey(IpHeader ipPacket)
          make the key needed for IpNetFlow from an ip Packet.
 void readBinaryIn(java.io.DataInputStream inStream)
          Read data from a binary stream for a given flow.
 void readFromBytes(byte[] bytes, int len)
          extract the record information from a byte array
 int recordSize()
          The "next" field is NOT included when count the size of the record.
 java.lang.String toString()
          dump to String
 void update(ProtocolMessage packet, float curTime)
          update the flow for the given packet
 
Methods inherited from class SSF.OS.NetFlow.NetFlow
removeFlow
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

nextHop

public int nextHop
IP of the next Hop. Newly added, in the standard IpHeader, this info is not available. In cisco ver7.0, this field is always set to be 0


nhi

public java.lang.String nhi
NHI address of the collector, not including the interface ID


srcAddr

public int srcAddr
Source IP (prefix) address


dstAddr

public int dstAddr
Destinatio IP (prefix) address


input

public short input
index of the input NIC


output

public short output
index of the output NIC


dPkts

public int dPkts
number of packets in the flow


dOctets

public int dOctets
size of data in the flow This is not completely the same as in cisco


First

public float First
start time


Last

public float Last
the last time a packet of this flow arrives


tcp_flags

public byte tcp_flags
cumulative OR of TCP flags


protocol

public byte protocol
IP protocol type


src_mask

public byte src_mask
source IP suffix mask


dst_mask

public byte dst_mask
destination IP suffix mask

Constructor Detail

IpNetFlow

public IpNetFlow()
default constructor


IpNetFlow

public IpNetFlow(IpHeader ipPacket,
                 short inID,
                 short outID,
                 float curTime,
                 java.lang.String nhiAddr,
                 byte srcMask,
                 byte dstMask)
construct a new flow from an ip packet

Parameters:
ipPacket - the packet received
inID - the ID of the input NIC
outID - the ID of the output NIC
curTime - currentTime
nhiAddr - the NHI address of the IpFlowCollector
srcMask -
dstMask -
Method Detail

dumpToBytes

public byte[] dumpToBytes()
Generate a byte array from this record. Notice that the nhi address is stored at the end, that is, starting from index 36.

Specified by:
dumpToBytes in class NetFlow

readFromBytes

public void readFromBytes(byte[] bytes,
                          int len)
extract the record information from a byte array

Specified by:
readFromBytes in class NetFlow
Parameters:
bytes - the byte array that stores the data
len - the length of the data stored in the array (Not the length of the array)

acceptPacket

public boolean acceptPacket(ProtocolMessage packet)
Check whether the given packet belongs to this flow.
NOTICE that here it doesn't not check input or output NIC ID because they are not in the IpHeader. If they matter, check it in other parts of your code as did in IpFlowCollector.

Specified by:
acceptPacket in class NetFlow
Parameters:
packet - the packet to be checked.

recordSize

public int recordSize()
The "next" field is NOT included when count the size of the record. The record consists of

Overrides:
recordSize in class NetFlow

update

public void update(ProtocolMessage packet,
                   float curTime)
update the flow for the given packet

Specified by:
update in class NetFlow
Parameters:
packet - given packet
curTime - the current time

makeKey

public static java.lang.Long makeKey(IpHeader ipPacket)
make the key needed for IpNetFlow from an ip Packet. The key is based on the srcAddr and dstAddr


makeKey

public java.lang.Long makeKey()
Construct a key for this flow based on srcAddr and dstAddr key is (srcAddr << 32)+dstAddr
This is used in for IpNetFlow.
Port number are not considered here. So if you want to construct the key in a different way and use it for a different flow, overwrite this function, and remember to change the static makeKey(ipPacket) as well.

Specified by:
makeKey in class NetFlow

toString

public java.lang.String toString()
dump to String

Overrides:
toString in class java.lang.Object

dumpBinaryOut

public void dumpBinaryOut(java.io.DataOutputStream outStream)
Dump the flow to a stream. If this is a list, dump the whole list.
NOTICE: this is used before the function dumpToBytes is written. It's obsolete after that.

Overrides:
dumpBinaryOut in class NetFlow
Parameters:
outStream - the outputStream into which the data is dumped.

readBinaryIn

public void readBinaryIn(java.io.DataInputStream inStream)
Read data from a binary stream for a given flow.
NOTICE: this is used before the function readFromBytes is written. It's obsolete after that.

Overrides:
readBinaryIn in class NetFlow