Skip to content

FromIPSummaryDump

Jump to bottom Edit New page
Tom Barbette edited this page Oct 3, 2018 · 2 revisions

FromIPSummaryDump Element Documentation

NAME

FromIPSummaryDump — Click element; reads packets from an IP summary dump file

SYNOPSIS

FromIPSummaryDump(FILENAME [, keywords STOP, TIMING, ACTIVE, ZERO, CHECKSUM, PROTO, MULTIPACKET, SAMPLE, FIELDS, FLOWID, DATA])

Batching: Batching natively supported
Ports: no inputs, 1 output
Processing: agnostic
Drivers: userlevel

DESCRIPTION

Reads IP packet descriptors from a file produced by ToIPSummaryDump, then creates packets containing info from the descriptors and pushes them out the output. Optionally stops the driver when there are no more packets.

The file may be compressed with gzip(1) or bzip2(1); FromIPSummaryDump will run zcat(1) or bzcat(1) to uncompress it.

FromIPSummaryDump reads from the file named FILENAME unless FILENAME is a single dash '-', in which case it reads from the standard input. It will not uncompress the standard input, however.

Keyword arguments are:

  • STOP — Boolean. If true, then FromIPSummaryDump will ask the router to stop when it is done reading. Default is false.
  • TIMING — Boolean. If true, then FromIPSummaryDump tries to maintain the timing of the original packet stream. The first packet is emitted immediately; thereafter, FromIPSummaryDump maintains the delays between packets. Default is false.
  • ACTIVE — Boolean. If false, then FromIPSummaryDump will not emit packets (until the 'active' handler is written). Default is true.
  • ZERO — Boolean. Determines the contents of packet data not set by the dump. If true (the default), this data is zero. If false, it is random garbage.
  • CHECKSUM — Boolean. If true, then output packets' IP, TCP, and UDP checksums are set, and have actual data bytes covering the entire IP length (whether or not those data bytes were defined). If false (the default), then the checksum fields contain random garbage, and output packets may be shorter than their IP headers' length fields (the EXTRA_LENGTH annotation is set to account for the difference).
  • PROTO — Byte (0-255). Sets the IP protocol used for output packets when the dump doesn't specify a protocol. Default is 6 (TCP).
  • MULTIPACKET — Boolean. If true, then FromIPSummaryDump will emit multiple packets for each line---specifically, it will emit as many packets as the packet count field specifies. Default is false.
  • SAMPLE — Unsigned real number between 0 and 1. FromIPSummaryDump will output each packet with probability SAMPLE. Default is 1. FromIPSummaryDump uses fixed-point arithmetic, so the actual sampling probability may differ substantially from the requested sampling probability. Use the sampling_prob handler to find out the actual probability. If MULTIPACKET is true, then the sampling probability applies separately to the multiple packets generated per record.
  • FIELDS — String, containing a space-separated list of field names (see ToIPSummaryDump for the possibilities). Defines the default fields for the dump.
  • FLOWID — String, containing a space-separated flow ID (source address, source port, destination address, destination port, and, optionally, protocol). Defines the IP addresses and ports used by default. Any flow information in the input file will override this setting.
  • ALLOW_NONEXISTENT — Boolean. If true, allow nonexistent and empty files: FromIPSummaryDump will successfully initialize even if the input file is nonexistent or empty. Defaults to false.
  • DATA — String. If set, FromIPSummaryDump reads from the DATA string, rather than from a file.

Only available in user-level processes.

NOTES

Packets generated by FromIPSummaryDump always have IP version 4 and a correct IP header length. The default IP protocol is TCP (6) and the default time-to-live is 100. The rest of the packet data is zero or garbage, unless set by the dump. Generated packets will usually have short lengths, but the extra header length annotations are set correctly.

FromIPSummaryDump is a notifier signal, active when the element is active and the dump contains more packets.

ELEMENT HANDLERS

  • sampling_prob (read-only) — Returns the sampling probability (see the SAMPLE keyword argument).
  • active (read/write) — Value is a Boolean.
  • encap (read-only) — Returns 'IP'. Useful for ToDump's USE_ENCAP_FROM option.
  • filesize (read-only) — Returns the length of the FromIPSummaryDump file, in bytes, or "-" if that length cannot be determined.
  • filepos (read-only) — Returns FromIPSummaryDump's position in the file, in bytes.
  • stop (write-only) — When written, sets 'active' to false and stops the driver.

SEE ALSO

ToIPSummaryDump

Generated by click-elem2man from ../elements/analysis/fromipsumdump.hh:13 on 2018/10/03.

Add a custom footer
Clone this wiki locally