  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
  2. <!--Converted with LaTeX2HTML 2002-2 (1.70)
  3. original version by: Nikos Drakos, CBLU, University of Leeds
  4. * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
  5. * with significant contributions from:
  6. Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
  7. <HTML>
  8. <HEAD>
  9. <TITLE>6 Plug-ins</TITLE>
  10. <META NAME="description" CONTENT="6 Plug-ins">
  11. <META NAME="keywords" CONTENT="flowreplay">
  12. <META NAME="resource-type" CONTENT="document">
  13. <META NAME="distribution" CONTENT="global">
  14. <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
  15. <META NAME="Generator" CONTENT="LaTeX2HTML v2002-2">
  16. <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
  17. <LINK REL="STYLESHEET" HREF="flowreplay.css">
  18. <LINK REL="previous" HREF="node5.html">
  19. <LINK REL="up" HREF="flowreplay.html">
  20. </HEAD>
  21. <BODY >
  22. <DIV CLASS="navigation"><!--Navigation Panel-->
  23. <IMG WIDTH="81" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next_inactive" SRC="nx_grp_g.png">
  24. <A NAME="tex2html90"
  25. HREF="flowreplay.html">
  26. <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
  27. <A NAME="tex2html88"
  28. HREF="node5.html">
  29. <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
  30. <BR>
  31. <B> Up:</B> <A NAME="tex2html91"
  32. HREF="flowreplay.html">Flowreplay Design Notes</A>
  33. <B> Previous:</B> <A NAME="tex2html89"
  34. HREF="node5.html">5 pcap vs flow</A>
  35. <BR>
  36. <BR></DIV>
  37. <!--End of Navigation Panel-->
  38. <!--Table of Child-Links-->
  39. <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
  40. <UL CLASS="ChildLinks">
  41. <LI><A NAME="tex2html92"
  42. HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue283">Plug-in Basics</SPAN></A>
  43. <LI><A NAME="tex2html93"
  44. HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue293">The Default Plug-in</SPAN></A>
  45. <LI><A NAME="tex2html94"
  46. HREF="node6.html#SECTION00063000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue310">Plug-in Details</SPAN></A>
  47. </UL>
  48. <!--End of Table of Child-Links-->
  49. <HR>
  50. <H1><A NAME="SECTION00060000000000000000">
  51. <SPAN CLASS="arabic">6</SPAN> <SPAN ID="hue277">Plug-ins</SPAN></A>
  52. </H1>
  53. <P>
  54. <SPAN ID="hue393">Plug-ins will provide the ``intelligence'' in
  55. flowreplay. Flowreplay is designed to be a mere framework for connecting
  56. captured flows in a flow file with socket file handles. How data is
  57. processed and what is done with it will be determined by plug-ins.</SPAN>
  58. <P>
  59. <SPAN ID="hue281">Plug-ins will allow proper handling of a variety
  60. of protocols while hopefully keeping things simple. Another part of
  61. the consideration will be making it easy for others to contribute
  62. to flowreplay. I don't want to have to write all the protocol logic
  63. myself.</SPAN>
  64. <P>
  65. <H2><A NAME="SECTION00061000000000000000">
  66. <SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue283">Plug-in Basics</SPAN></A>
  67. </H2>
  68. <P>
  69. <SPAN ID="hue285">Each plug-in provides the logic for handling one
  70. or more services. The main purpose of a plug-in is to decide when
  71. flowreplay should send data via one or more sockets. The plug-in can
  72. use any</SPAN> <SPAN ID="hue395"><SPAN CLASS="textit">non-blocking</SPAN></SPAN> <SPAN ID="hue289">method
  73. of determining if it is appropriate to send data or wait for data to be
  74. received. If necessary, a plug-in can also modify the data sent.</SPAN>
  75. <P>
  76. <SPAN ID="hue291">Each time poll() returns, flowreplay calls the plug-ins
  77. for the flows which either have data waiting or, in the case of a timeout,
  78. those flows which timed out. Afterwards, all the flows are processed
  79. and poll() is called on those flows which have their state set to
  80. POLL. The process repeats until there are no more nodes in the
  81. tree.</SPAN>
  82. <P>
  83. <H2><A NAME="SECTION00062000000000000000">
  84. <SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue293">The Default Plug-in</SPAN></A>
  85. </H2>
  86. <P>
  87. <SPAN ID="hue397">Initially, flowreplay will ship with one basic plug-in
  88. called ``default''. Any flow which doesn't have a specific plug-in
  89. defined will use default. The goal of the default plug-in is to work
  90. ``good enough'' for a majority of single-flow protocols such as
  91. SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
  92. etc.) or multiple flows (FTP, RPC, etc.) will never work with the default
  93. plug-in. Furthermore, the default plug-in will only support connections</SPAN> <SPAN ID="hue398"><SPAN CLASS="textit">to</SPAN></SPAN> <SPAN ID="hue300">a server; it will not
  94. support accepting connections from clients.</SPAN>
  95. <P>
  96. <SPAN ID="hue399">The default plug-in will provide no data level manipulation
  97. and only a simple method for detecting when it is time to send data
  98. to the server. Detecting when to send data will be done by a ``no
  99. more data'' timeout value. Basically, by using the pcap file as a
  100. means to determine the order of the exchange, any time it is the server's
  101. turn to send data, flowreplay will wait for the first byte of data
  102. and then start the ``no more data'' timer. Every time more data
  103. is received, the timer is reset. If the timer reaches zero, then flowreplay
  104. sends the next portion of the client side of the connection. This
  105. is repeated until the flow has been completely replayed or a ``server
  106. hung'' timeout is reached. The server hung timeout is used to detect
  107. a server which crashed and never starts sending any data which would
  108. start the ``no more data'' timer.</SPAN>
  109. <P>
  110. <SPAN ID="hue400">Both the ``no more data'' and ``server hung''
  111. timers will be user defined values and global to all flows using the
  112. default plug-in.</SPAN>
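<P>
The timer logic described above, written out as an added C example (not flowreplay's own code; the type and function names and the millisecond values are assumptions). It runs one server turn over a constructed list of receive times and reports which timer fired and when.

```c
#include <stddef.h>

/* Hypothetical names; flowreplay's real structures are not shown on this page. */
enum action { KEEP_WAITING, SEND_NEXT_CLIENT_DATA, SERVER_HUNG };

struct timers { long no_more_data_ms, server_hung_ms; };  /* global, user-defined */

struct turn {                 /* state for one "server's turn" in a flow */
    int  got_first_byte;
    long start_ms, last_rx_ms;
};

/* Absolute time at which the currently armed timer expires. */
static long deadline(const struct turn *s, const struct timers *t)
{
    return s->got_first_byte ? s->last_rx_ms + t->no_more_data_ms
                             : s->start_ms + t->server_hung_ms;
}

/* Data arrived: the first byte arms "no more data", later data resets it. */
static void on_data(struct turn *s, long now_ms)
{
    s->got_first_byte = 1;
    s->last_rx_ms = now_ms;
}

/* poll() timed out: decide what to do at time now_ms. */
static enum action on_timeout(const struct turn *s, const struct timers *t, long now_ms)
{
    if (now_ms < deadline(s, t))
        return KEEP_WAITING;
    return s->got_first_byte ? SEND_NEXT_CLIENT_DATA : SERVER_HUNG;
}

/* Run one server turn over a constructed list of receive times (ms since the
 * turn began). Returns the decision and stores the time it was taken. */
enum action replay_turn(const long *rx_ms, size_t n, const struct timers *t, long *when_ms)
{
    struct turn s = { 0, 0, 0 };
    for (size_t i = 0; i < n && rx_ms[i] < deadline(&s, t); i++)
        on_data(&s, rx_ms[i]);
    *when_ms = deadline(&s, t);
    return on_timeout(&s, t, *when_ms);
}
```

With a 200 ms ``no more data'' timer, receive times of 100 and 400 ms produce a send at 300 ms, before the server has finished: a pause longer than the timer splits the reply, which is the cost of this heuristic.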
  113. <P>
  114. <H2><A NAME="SECTION00063000000000000000">
  115. <SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue310">Plug-in Details</SPAN></A>
  116. </H2>
  117. <P>
  118. <SPAN ID="hue312">Each plug-in will consist of the following:</SPAN>
  119. <P>
  120. <OL>
  121. <LI><SPAN ID="hue315">An optional global data structure, for intra-flow
  122. communication</SPAN>
  123. </LI>
  124. <LI><SPAN ID="hue317">Per-flow data structure, for tracking flow state
  125. information</SPAN>
  126. </LI>
  127. <LI><SPAN ID="hue319">A list of functions which flowreplay will call
  128. when certain well-defined conditions are met.</SPAN>
  129. <P>
  130. <UL>
  131. <LI><SPAN ID="hue322">Required functions:</SPAN>
  132. <P>
  133. <UL>
  134. <LI><SPAN ID="hue325">initialize_node() - called when a node in the tree
  135. is created using this plug-in</SPAN>
  136. </LI>
  137. <LI><SPAN ID="hue327">post_poll_timeout() - called when the poll() returned
  138. due to a timeout for this node</SPAN>
  139. </LI>
  140. <LI><SPAN ID="hue329">post_poll_read() - called when the poll() returned
  141. due to the socket being ready</SPAN>
  142. </LI>
  143. <LI><SPAN ID="hue331">buffer_full() - called when the packet buffer
  144. for this flow is full</SPAN>
  145. </LI>
  146. <LI><SPAN ID="hue333">delete_node() - called just prior to the node being
  147. free()'d</SPAN>
  148. </LI>
  149. </UL>
  150. </LI>
  151. <LI><SPAN ID="hue336">Optional functions:</SPAN>
  152. <P>
  153. <UL>
  154. <LI><SPAN ID="hue339">pre_send_data() - called before data is sent</SPAN>
  155. </LI>
  156. <LI><SPAN ID="hue341">post_send_data() - called after data is sent</SPAN>
  157. </LI>
  158. <LI><SPAN ID="hue343">pre_poll() - called prior to poll()</SPAN>
  159. </LI>
  160. <LI><SPAN ID="hue345">post_poll_default() - called when poll() returns
  161. and neither the socket was ready nor the node timed out</SPAN>
  162. </LI>
  163. <LI><SPAN ID="hue347">open_socket() - called after the socket is opened</SPAN>
  164. </LI>
  165. <LI><SPAN ID="hue349">close_socket() - called after the socket is closed</SPAN>
  166. </LI>
  167. </UL>
  168. </LI>
  169. </UL>
  170. </LI>
  171. </OL>
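<P>
The plug-in layout listed above, sketched as an added C example (not flowreplay's code): the hook names come from the list, while the hook signature, the struct layout, the poll_result enum and the sample plug-ins are assumptions. It rejects a plug-in that lacks a required hook before any NULL function pointer can be called, and treats an absent optional hook as a no-op.

```c
#include <stddef.h>

struct node;                              /* per-flow state, opaque in this sketch */
typedef int (*hook_fn)(struct node *);    /* assumed signature, not flowreplay's */

struct plugin {
    const char *name;
    hook_fn initialize_node, post_poll_timeout, post_poll_read,
            buffer_full, delete_node;                      /* required */
    hook_fn pre_send_data, post_send_data, pre_poll,
            post_poll_default, open_socket, close_socket;  /* optional, may be NULL */
};

/* NULL if all required hooks are set, else the name of the first missing one. */
const char *plugin_missing_hook(const struct plugin *p)
{
    if (!p->initialize_node)   return "initialize_node";
    if (!p->post_poll_timeout) return "post_poll_timeout";
    if (!p->post_poll_read)    return "post_poll_read";
    if (!p->buffer_full)       return "buffer_full";
    if (!p->delete_node)       return "delete_node";
    return NULL;
}

enum poll_result { POLL_TIMED_OUT, POLL_SOCKET_READY, POLL_NEITHER };

/* Route one poll() outcome to its hook; an absent optional hook is a no-op (0). */
int plugin_after_poll(const struct plugin *p, struct node *n, enum poll_result r)
{
    switch (r) {
    case POLL_TIMED_OUT:    return p->post_poll_timeout(n);
    case POLL_SOCKET_READY: return p->post_poll_read(n);
    default: return p->post_poll_default ? p->post_poll_default(n) : 0;
    }
}

/* Constructed sample hooks and plug-ins, used only to exercise the checks. */
static int on_timeout_hook(struct node *n) { (void)n; return 1; }
static int on_read_hook(struct node *n)    { (void)n; return 2; }
static int noop_hook(struct node *n)       { (void)n; return 0; }

const struct plugin sample_ok = {
    .name = "sample", .initialize_node = noop_hook,
    .post_poll_timeout = on_timeout_hook, .post_poll_read = on_read_hook,
    .buffer_full = noop_hook, .delete_node = noop_hook,
};
const struct plugin sample_incomplete = {
    .name = "incomplete", .initialize_node = noop_hook,
    .post_poll_read = on_read_hook,
};
```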
  193. <ADDRESS>
  194. Aaron Turner
  195. 2006-08-07
  196. </ADDRESS>
  197. </BODY>
  198. </HTML>