Class DissectionInfoL7¶

Defined in File peafowl.hpp

Class Documentation¶

class peafowl::DissectionInfoL7¶

The result of the L7 identification process.

Public Functions

DissectionInfoL7()¶: Constructor.

DissectionInfoL7(pfwl_dissection_info_l7_t dissectionInfo)¶

Copy constructor.

Parameters

dissectionInfo: The information to be copied.

std::vector<ProtocolL7> getProtocols() const¶

Some L7 protocols may be carried by other L7 protocols. For example, Ethereum may be carried by JSON-RPC, which in turn may be carried by HTTP. If such a flow is found, we will have:

protocols[0] = HTTP

protocols[1] = JSON-RPC

protocols[2] = Ethereum

i.e., protocols are shown by the outermost to the innermost. Similarly, if Ethereum is carried by plain JSON-RPC, we would have:

protocols[0] = JSON-RPC

protocols[1] = Ethereum

This encapsulation can also hold over different packets of a given flow. E.g.IMAP over SSL has a few packet exchanged with plain IMAP and then the subsequent packets encapsulated within SSL. In such a case, the first IMAP packets will only have protocols[0] = IMAP. However, when the first SSL packet for the flow is received, we will have protocols[0] = IMAP and protocols[1] = SSL for that packet and for all the subsequent packets. Indeed, it is important to remark that protocols are associated to flows and not to packets. This call returns the list of L7 protocols identified for this packet.

Return: The list of L7 protocols identified for this packet.

ProtocolL7 getProtocol() const¶

Returns the first protocol of the list, i.e. this call is equivalent to getProtocols()[0].

Return: The first protocol of the list.

Field getField(FieldId id) const¶

Returns a specific protocol field.

Return

The protocol field.

Parameters

id: The identifier of the field.

std::vector<Field> getFields() const¶

Returns all the protocol fields.

Return: All the protocol fields.

std::vector<std::string> getTags() const¶

Returns the tags associated to this packet.

Return: The tags associated to this packet.

Field httpGetHeader(const char *headerName) const¶

httpGetHeader Extracts a specific HTTP header from the dissection info.

Return

The header value.

Parameters

headerName: The name of the header (‘\0’ terminated).

pfwl_dissection_info_l7_t getNative() const¶

Returns the C representation of the L7 protocol.

Return: The C representation of the L7 protocol.