Flow

packet_strata::tracker::flow

Struct Flow 

Source 
pub struct Flow<T, D> {
Show 19 fields
    pub start_ts: Timestamp,
    pub last_ts: Timestamp,
    pub src_mac: EthAddr,
    pub dst_mac: EthAddr,
    pub eth_proto: EtherProto,
    pub tuple: T,
    pub ip_info: IpInfo,
    pub tcp_info: TcpInfo,
    pub u_bytes: usize,
    pub d_bytes: usize,
    pub u_payload_bytes: usize,
    pub d_payload_bytes: usize,
    pub u_pkts: u32,
    pub d_pkts: u32,
    pub u_payload_pkts: u32,
    pub d_payload_pkts: u32,
    pub u_frags: u32,
    pub d_frags: u32,
    pub data: D,

}

Fields§

§start_ts: Timestamp

Timestamp of the first packet in the flow.

§last_ts: Timestamp

Timestamp of the last packet in the flow.

§src_mac: EthAddr

Source MAC address.

§dst_mac: EthAddr

Destination MAC address.

§eth_proto: EtherProto

Ethernet protocol.

§tuple: T

Generic address tuple (e.g. TupleV4, TupleV6 or TupleL2)

§ip_info: IpInfo

IP layer statistics and info.

§tcp_info: TcpInfo

TCP layer statistics and info (optional).

§u_bytes: usize

Total uplink bytes.

§d_bytes: usize

Total downlink bytes.

§u_payload_bytes: usize

Total uplink payload bytes.

§d_payload_bytes: usize

Total downlink payload bytes.

§u_pkts: u32

Total uplink packets.

§d_pkts: u32

Total downlink packets.

§u_payload_pkts: u32

Uplink packets with payload.

§d_payload_pkts: u32

Downlink packets with payload.

§u_frags: u32

Uplink fragments count.

§d_frags: u32

Downlink fragments count.

§data: D

Custom data associated with the flow.

Implementations§

Source§

impl<T, D> Flow<T, D>
where T: Default + Clone + Tuple + Sized, for<'a> NetworkLayer<'a>: SourceDestLayer<T::Addr>, T::Addr: Eq, D: Default,

Source

pub fn new( timestamp: Timestamp, tuple: T, pkt: &Packet<'_>, dir: PacketDirection, ) -> Self

Creates a new Flow instance.

§Arguments
  • timestamp - The timestamp of the first packet in the flow.
  • tuple - The flow tuple that identifies this connection (canonical direction).
  • pkt - The initial packet that triggered flow creation.
  • dir - The direction of the initial packet (Upwards or Downwards).

The source and destination MAC addresses and the tuple orientation are automatically adjusted based on the packet direction to ensure a consistent flow representation.

Source

pub fn packet_dir(&self, pkt: &Packet<'_>) -> PacketDirection

Determines the direction of a packet relative to the flow.

§Arguments
  • pkt - The packet to analyze for direction determination.

A packet is considered “upwards” if both its source address and source port match the flow’s source tuple. Otherwise, it’s considered “downwards”. This method is essential for tracking bidirectional communication within a single flow instance.

Trait Implementations§

Source§

impl<T: Clone, D: Clone> Clone for Flow<T, D>

Source§

fn clone(&self) -> Flow<T, D>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Debug, D: Debug> Debug for Flow<T, D>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<T: Default, D: Default> Default for Flow<T, D>

Source§

fn default() -> Flow<T, D>

Returns the “default value” for a type. Read more
Source§

impl<'de, T, D> Deserialize<'de> for Flow<T, D>
where T: Deserialize<'de>, D: Deserialize<'de>,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<T: PartialEq, D: PartialEq> PartialEq for Flow<T, D>

Source§

fn eq(&self, other: &Flow<T, D>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<A, T> Process for Flow<A, T>
where T: Process,

Source§

fn process<Meta: PacketMetadata>( &mut self, meta: &Meta, pkt: &Packet<'_>, dir: PacketDirection, )

Update the state based on the provided packet metadata and content.
Source§

impl<T, D> Serialize for Flow<T, D>
where T: Serialize, D: Serialize,

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl<A, T> Trackable for Flow<A, T>

Source§

type Timestamp = Timestamp

Source§

fn timestamp(&self) -> Timestamp

Source§

fn set_timestamp(&mut self, ts: Self::Timestamp)

Source§

impl<T: Copy, D: Copy> Copy for Flow<T, D>

Source§

impl<T: Eq, D: Eq> Eq for Flow<T, D>

Source§

impl<T, D> StructuralPartialEq for Flow<T, D>

Auto Trait Implementations§

§

impl<T, D> Freeze for Flow<T, D>
where T: Freeze, D: Freeze,

§

impl<T, D> RefUnwindSafe for Flow<T, D>
where T: RefUnwindSafe, D: RefUnwindSafe,

§

impl<T, D> Send for Flow<T, D>
where T: Send, D: Send,

§

impl<T, D> Sync for Flow<T, D>
where T: Sync, D: Sync,

§

impl<T, D> Unpin for Flow<T, D>
where T: Unpin, D: Unpin,

§

impl<T, D> UnwindSafe for Flow<T, D>
where T: UnwindSafe, D: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,