Class DissectionInfo¶

Defined in File peafowl.hpp

Class Documentation¶

class peafowl::DissectionInfo¶

The result of the identification process.

Public Functions

DissectionInfo(pfwl_dissection_info_t dissectionInfo, Status status)¶

Constructor.

Parameters

dissectionInfo: The C dissection info.
status: The status of the processing.

DissectionInfo &operator=(const pfwl_dissection_info_t &rhs)¶

Assignment operator.

Return

The CPP dissection info.

Parameters

rhs: The C dissection info.

ProtocolL7 guessProtocol() const¶

Guesses the protocol looking only at source/destination ports. This could be erroneous because sometimes protocols run over ports which are not their well-known ports.

Return: Returns the possible matching protocol.

bool hasProtocolL7(ProtocolL7 protocol) const¶

hasProtocolL7 Checks if a specific L7 protocol has been identified in a given dissection info.

Checks if a specific L7 protocol has been identified in a given dissection info. ATTENTION: Please note that protocols are associated to flows and not to packets. For example, if for a given flow, the first packet carries IMAP data and the second packet carries SSL encrypted data, we will have:

For the first packet:

pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): true
pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): false

For the second packet:

pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): true
pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): true

For all the subsequent packets:

pfwl_has_protocol_L7(info, PFWL_PROTO_L7_IMAP): true
pfwl_has_protocol_L7(info, PFWL_PROTO_L7_SSL): true

Return

True if the L7 protocol is carried by the flow, false otherwise.

Parameters

protocol: The L7 protocol.

Status getStatus() const¶

getStatus Returns the status of the processing.

Return: The status of the processing.

DissectionInfoL2 getL2() const¶

getL2 Returns the L2 dissection information.

Return: The L2 dissection information.

DissectionInfoL3 getL3() const¶

getL3 Returns the L3 dissection information.

Return: The L3 dissection information.

DissectionInfoL4 getL4() const¶

getL4 Returns the L4 dissection information.

Return: The L4 dissection information.

DissectionInfoL7 getL7() const¶

getL7 Returns the L7 dissection information.

Return: The L7 dissection information.

FlowInfo getFlowInfo() const¶

getFlowInfo Returns the flow information.

Return: The flow information.

const pfwl_dissection_info_t &getNativeInfo() const¶

Returns the C dissection info.

Return: The C dissection info.