Function pfwl_field_add_L7

• Defined in File peafowl.h

Function Documentation

uint8_t pfwl_field_add_L7(pfwl_state_t *state, pfwl_field_id_t field)

Enables the extraction of a specific L7 field for a given protocol. When a protocol is identified, the default behavior is to not inspect the packets belonging to that flow anymore and keep simply returning the same protocol identifier.

If at least one field extraction is enabled for a certain protocol, then we keep inspecting all the new packets of that flow to extract such field. Moreover, if the application protocol uses TCP, then we have the additional cost of TCP reordering for all the segments. Is highly recommended to enable TCP reordering if it is not already enabled (remember that is enabled by default). Otherwise the informations extracted could be erroneous/incomplete.

Please note that this is only a suggestion given by the user to peafowl, and that in some cases the dissector could still extract the field, even if this has not been requested by the user. Indeed, in some cases the extraction of some fields may be needed for the correct identification of the protocol.

Return

0 if succeeded, 1 otherwise.

Parameters

• state: A pointer to the state of the library.

• field: The field to extract.