tcpreplay/docs/web/flowreplay/node6.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
original version by:  Nikos Drakos, CBLU, University of Leeds
* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>6 Plug-ins</TITLE>
<META NAME="description" CONTENT="6 Plug-ins">
<META NAME="keywords" CONTENT="flowreplay">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">

<LINK REL="STYLESHEET" HREF="flowreplay.css">

<LINK REL="previous" HREF="node5.html">
<LINK REL="up" HREF="flowreplay.html">
</HEAD>

<BODY >

<DIV CLASS="navigation"><!--Navigation Panel-->
<IMG WIDTH="81" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next_inactive" SRC="nx_grp_g.png"> 
<A NAME="tex2html90"
  HREF="flowreplay.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html88"
  HREF="node5.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>   
<BR>
<B> Up:</B> <A NAME="tex2html91"
  HREF="flowreplay.html">Flowreplay Design Notes</A>
<B> Previous:</B> <A NAME="tex2html89"
  HREF="node5.html">5 pcap vs flow</A>
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>

<UL CLASS="ChildLinks">
<LI><A NAME="tex2html92"
  HREF="node6.html#SECTION00061000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue282">Plug-in Basics</SPAN></A>
<LI><A NAME="tex2html93"
  HREF="node6.html#SECTION00062000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue292">The Default Plug-in</SPAN></A>
<LI><A NAME="tex2html94"
  HREF="node6.html#SECTION00063000000000000000"><SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue309">Plug-in Details</SPAN></A>
</UL>
<!--End of Table of Child-Links-->
<HR>

<H1><A NAME="SECTION00060000000000000000">
<SPAN CLASS="arabic">6</SPAN> <SPAN ID="hue276">Plug-ins</SPAN></A>
</H1>

<P>
<SPAN ID="hue392">Plug-ins will provide the ``intelligence'' in
flowreplay. Flowreplay is designed to be a mere framework for connecting
captured flows in a flow file with socket file handles. How data is
processed and what should be done with it will be done via plug-ins.</SPAN>
<P>
<SPAN ID="hue280">Plug-ins will allow proper handling of a variety
of protocols while hopefully keeping things simple. Another part of
the consideration will be making it easy for others to contribute
to flowreplay. I don't want to have to write all the protocol logic
myself.</SPAN>
<P>

<H2><A NAME="SECTION00061000000000000000">
<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">1</SPAN> <SPAN ID="hue282">Plug-in Basics</SPAN></A>
</H2>

<P>
<SPAN ID="hue284">Each plug-in provides the logic for handling one
or more services. The main purpose of a plug-in is to decide when
flowreplay should send data via one or more sockets. The plug-in can
use any</SPAN> <SPAN ID="hue394"><SPAN  CLASS="textit">non-blocking</SPAN></SPAN> <SPAN ID="hue288">method
of determining if it appropriate to send data or wait for data to
received. If necessary, a plug-in can also modify the data sent.</SPAN>
<P>
<SPAN ID="hue290">Each time poll() returns, flowreplay calls the plug-ins
for the flows which either have data waiting or in the case of a timeout,
those flows which timed out. Afterwords, all the flows are processed
and poll() is called on those flows which have their state set to
POLL. And the process repeats until there are no more nodes in the
tree.</SPAN>
<P>

<H2><A NAME="SECTION00062000000000000000">
<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">2</SPAN> <SPAN ID="hue292">The Default Plug-in</SPAN></A>
</H2>

<P>
<SPAN ID="hue396">Initially, flowreplay will ship with one basic plug-in
called ``default''. Any flow which doesn't have a specific plug-in
defined, will use default. The goal of the default plug-in is to work
``good enough'' for a majority of single-flow protocols such as
SMTP, HTTP, and Telnet. Protocols which use encryption (SSL, SSH,
etc) or multiple flows (FTP, RPC, etc) will never work with the default
plug-in. Furthermore, the default plug-in will only support connections</SPAN><SPAN ID="hue397"><SPAN  CLASS="textit">to</SPAN></SPAN> <SPAN ID="hue299">a server, it will not
support accepting connections from clients.</SPAN>
<P>
<SPAN ID="hue398">The default plug-in will provide no data level manipulation
and only a simple method for detecting when it is time to send data
to the server. Detecting when to send data will be done by a ``no
more data'' timeout value. Basically, by using the pcap file as a
means to determine the order of the exchange, anytime it is the servers
turn to send data, flowreplay will wait for the first byte of data
and then start the ``no more data'' timer. Every time more data
is received, the timer is reset. If the timer reaches zero, then flowreplay
sends the next portion of the client side of the connection. This
is repeated until the the flow has been completely replayed or a ``server
hung'' timeout is reached. The server hung timeout is used to detect
a server which crashed and never starts sending any data which would
start the ``no more data'' timer.</SPAN>
<P>
<SPAN ID="hue399">Both the ``no more data'' and ``server hung''
timers will be user defined values and global to all flows using the
default plug-in.</SPAN>
<P>

<H2><A NAME="SECTION00063000000000000000">
<SPAN CLASS="arabic">6</SPAN>.<SPAN CLASS="arabic">3</SPAN> <SPAN ID="hue309">Plug-in Details</SPAN></A>
</H2>

<P>
<SPAN ID="hue311">Each plug-in will be comprised of the following:</SPAN>
<P>

<OL>
<LI><SPAN ID="hue314">An optional global data structure, for intra-flow
communication</SPAN>
</LI>
<LI><SPAN ID="hue316">Per-flow data structure, for tracking flow state
information</SPAN>
</LI>
<LI><SPAN ID="hue318">A list of functions which flow replay will call
when certain well-defined conditions are met.</SPAN>
<P>

<UL>
<LI><SPAN ID="hue321">Required functions:</SPAN>
<P>

<UL>
<LI><SPAN ID="hue324">initialize_node() - called when a node in the tree
created using this plug-in</SPAN>
</LI>
<LI><SPAN ID="hue326">post_poll_timeout() - called when the poll() returned
due to a timeout for this node</SPAN>
</LI>
<LI><SPAN ID="hue328">post_poll_read() - called when the poll() returned
due to the socket being ready</SPAN>
</LI>
<LI><SPAN ID="hue330">buffer_full() - called when a the packet buffer
for this flow is full</SPAN>
</LI>
<LI><SPAN ID="hue332">delete_node() - called just prior to the node being
free()'d</SPAN>
</LI>
</UL>
</LI>
<LI><SPAN ID="hue335">Optional functions:</SPAN>
<P>

<UL>
<LI><SPAN ID="hue338">pre_send_data() - called before data is sent</SPAN>
</LI>
<LI><SPAN ID="hue340">post_send_data() - called after data is sent</SPAN>
</LI>
<LI><SPAN ID="hue342">pre_poll() - called prior to poll()</SPAN>
</LI>
<LI><SPAN ID="hue344">post_poll_default() - called when poll() returns
and neither the socket was ready or the node timed out </SPAN>
</LI>
<LI><SPAN ID="hue346">open_socket() - called after the socket is opened</SPAN>
</LI>
<LI><SPAN ID="hue348">close_socket() - called after the socket is closed</SPAN>
</LI>
</UL>
</LI>
</UL>
</LI>
</OL>

<DL COMPACT>
<DT>
<DD><P>
</DD>
</DL>
<P>

<DIV CLASS="navigation"><HR>
<!--Navigation Panel-->
<IMG WIDTH="81" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next_inactive" SRC="nx_grp_g.png"> 
<A NAME="tex2html90"
  HREF="flowreplay.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html88"
  HREF="node5.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>   
<BR>
<B> Up:</B> <A NAME="tex2html91"
  HREF="flowreplay.html">Flowreplay Design Notes</A>
<B> Previous:</B> <A NAME="tex2html89"
  HREF="node5.html">5 pcap vs flow</A></DIV>
<!--End of Navigation Panel-->
<ADDRESS>
Aaron Turner
2005-06-28
</ADDRESS>
</BODY>
</HTML>