Function pfwl_has_protocol_L7

Function Documentation

uint8_t pfwl_has_protocol_L7(pfwl_dissection_info_t *dissection_info, pfwl_protocol_l7_t protocol)

Checks if a specific L7 protocol has been identified in a given dissection info.

ATTENTION: Protocols are associated with flows, not with packets. For example, if for a given flow the first packet carries IMAP data and the second packet carries SSL encrypted data, we will have:

For the first packet:

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): 1

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): 0

For the second packet:

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): 1

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): 1

For all the subsequent packets:

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): 1

  • pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): 1

Return

1 if the L7 protocol is carried by the flow, 0 otherwise.

Parameters
  • dissection_info: The dissection info.

  • protocol: The L7 protocol.
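
The flow-level behaviour described above, as an added example that is not part of the Peafowl documentation or code: a stand-alone model replays the IMAP-then-SSL flow and shows that counting packets with a flow-level query overstates the IMAP traffic. All `model_*` names and the bitmask representation are assumptions made for illustration, not Peafowl's implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for this model; not Peafowl's types or values. */
typedef enum { MODEL_L7_IMAP = 0, MODEL_L7_SSL = 1 } model_l7_t;
typedef struct { uint32_t seen; } model_flow_t; /* one bit per protocol */

/* Constructed flow: first packet IMAP, every later packet SSL. */
static const model_l7_t PACKETS[] = { MODEL_L7_IMAP, MODEL_L7_SSL, MODEL_L7_SSL, MODEL_L7_SSL };
#define NPACKETS (sizeof PACKETS / sizeof PACKETS[0])

/* Record on the flow the protocol identified in the current packet. */
static void model_dissect(model_flow_t *f, model_l7_t in_packet) { f->seen |= 1u << in_packet; }

/* Flow-level query with the semantics the page describes. */
static uint8_t model_has_protocol(const model_flow_t *f, model_l7_t p) {
    return (uint8_t)((f->seen >> p) & 1u);
}

/* Number of packets for which the flow-level query answers 1 for p. */
static unsigned count_flow_level(model_l7_t p) {
    model_flow_t f = {0};
    unsigned n = 0;
    for (size_t i = 0; i < NPACKETS; i++) {
        model_dissect(&f, PACKETS[i]);
        n += model_has_protocol(&f, p);
    }
    return n;
}

/* Number of packets whose own payload is p. */
static unsigned count_per_packet(model_l7_t p) {
    unsigned n = 0;
    for (size_t i = 0; i < NPACKETS; i++) n += (PACKETS[i] == p);
    return n;
}

/* Index of the first packet at which the flow carries both protocols, or -1. */
static int first_packet_with_both(void) {
    model_flow_t f = {0};
    for (size_t i = 0; i < NPACKETS; i++) {
        model_dissect(&f, PACKETS[i]);
        if (model_has_protocol(&f, MODEL_L7_IMAP) && model_has_protocol(&f, MODEL_L7_SSL)) return (int)i;
    }
    return -1;
}

int main(void) {
    printf("IMAP flow-level=%u per-packet=%u both-from=%d\n", count_flow_level(MODEL_L7_IMAP),
           count_per_packet(MODEL_L7_IMAP), first_packet_with_both());
    return 0;
}
```

Monitoring code that needs per-packet protocol counts should therefore not derive them from the flow-level answer alone.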