Jacob van Walraven edited this page Jan 9, 2020 · 14 revisions

Setup events (Input/Output Plugins):

int module_MODULENAME_config(yaml_parser_t *parser, yaml_event_t *event, int *level);

  • config event - This is triggered before the packet processing and reporting threads are created. It is used to parse any module configuration from the configuration file.

Packet processing thread events:

void *module_MODULENAME_starting(void *tls);

  • starting event (packet processing threads) - This event is triggered when the application starts and is used to set up any packet processing thread storage for the plugin.

int module_MODULENAME_packet(bd_bigdata_t *bigdata, void *mls);

  • packet event (packet processing thread) - This event is triggered when a packet is received. Any BPF filters applied by the plugin will also apply to the plugin's packet event.

int module_MODULENAME_PROTOCOL(bd_bigdata_t *bigdata, void *mls);

  • protocol event (packet processing thread) - Each protocol has its own event. For example, a plugin may register for the HTTP protocol event, in which case it is notified when an HTTP packet is received.

int module_MODULENAME_protocol_updated(bd_bigdata_t *bigdata, void *mls, lpi_protocol_t old_protocol, lpi_protocol_t new_protocol);

  • protocol updated event (packet processing thread) - This event is triggered when the determined protocol associated with a flow has changed.

int module_MODULENAME_stopping(void *tls, void *mls);

  • stopping event (packet processing threads) - This event is triggered when the packet processing threads stop (only when the application stops). It is used to clean up any allocated storage or flush any remaining results before the application stops.

int module_MODULENAME_tick(bd_bigdata_t *bigdata, void *mls, uint64_t tick);

  • tick event (packet processing threads) - This event is triggered at a regular time interval set by each plugin. It is used to export results at regular time intervals.

int module_MODULENAME_flowstart(bd_bigdata_t *bigdata, void *mls, bd_flow_record_t *flow_record);

  • flow start event (packet processing thread) - This event is triggered when the first packet is seen for a new flow.

int module_MODULENAME_flowend(bd_bigdata_t *bigdata, void *mls, bd_flow_record_t *flow_record);

  • flow end event (packet processing thread) - This event is triggered when a flow has not received any packets within a timeout period and is therefore assumed to have ended.

int module_MODULENAME_clear(void *mls);

  • clear event (packet processing threads) - This event is used to clear any results stored within the plugin. It is triggered when the output for a periodic interval needs to be aligned to the nearest absolute interval.

Reporting thread events:

void *module_MODULENAME_reporter_starting(void *tls);

  • starting event (reporting thread) - This event is triggered when the reporting thread first starts (on application launch). It is used to allocate storage used by the reporting thread.

int module_MODULENAME_combine(bd_bigdata_t *bigdata, void *mls, uint64_t tick, void *result);

  • combining event (reporting thread) - This event is triggered when a result is received and needs to be combined with other results for the same time period.

int module_MODULENAME_reporter_result(bd_bigdata_t *bigdata, void *mls, bd_result_set *result);

  • result event (reporting thread) - This event is triggered when a result is received and is ready to be exported.

int module_MODULENAME_reporter_stopping(void *tls, void *mls);

  • stopping event (reporting thread) - This event is triggered when the reporting thread stops (only when the application stops). It is used to clean up any allocated storage within the reporting thread.
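
How the storage-related events above fit together, shown as an added example that is not code from the project: a hypothetical module named pktcount that counts packets per processing thread and merges the counts in the reporting thread. The bd_bigdata_t stand-in, the pktcount_t struct, the 0/-1 return convention, the demo_run driver and the idea that the combine result is the thread's own storage are all assumptions made so the sketch compiles on its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct bd_bigdata bd_bigdata_t; /* stand-in: the real type is in the project headers */
typedef struct { uint64_t packets; } pktcount_t; /* hypothetical module storage */

/* starting events: zeroed storage for one thread, NULL if allocation fails */
void *module_pktcount_starting(void *tls) { (void)tls; return calloc(1, sizeof(pktcount_t)); }
void *module_pktcount_reporter_starting(void *tls) { (void)tls; return calloc(1, sizeof(pktcount_t)); }

/* packet event: count into this thread's own storage */
int module_pktcount_packet(bd_bigdata_t *bigdata, void *mls) {
    (void)bigdata;
    if (mls == NULL) return -1; /* starting event failed to allocate */
    ((pktcount_t *)mls)->packets++;
    return 0;
}

/* combine event: fold one processing thread's result into the reporter's total */
int module_pktcount_combine(bd_bigdata_t *bigdata, void *mls, uint64_t tick, void *result) {
    (void)bigdata; (void)tick;
    if (mls == NULL || result == NULL) return -1;
    ((pktcount_t *)mls)->packets += ((pktcount_t *)result)->packets;
    return 0;
}

/* clear event: reset the counter so the next interval starts from zero */
int module_pktcount_clear(void *mls) {
    if (mls == NULL) return -1;
    ((pktcount_t *)mls)->packets = 0;
    return 0;
}

/* stopping events: release what the starting events allocated */
int module_pktcount_stopping(void *tls, void *mls) { (void)tls; free(mls); return 0; }
int module_pktcount_reporter_stopping(void *tls, void *mls) { (void)tls; free(mls); return 0; }

/* Constructed driver (not the framework): calls the events in lifecycle order. */
uint64_t demo_run(int threads, int pkts) {
    pktcount_t *total = module_pktcount_reporter_starting(NULL);
    if (total == NULL) return 0;
    for (int t = 0; t < threads; t++) {
        void *mls = module_pktcount_starting(NULL);
        for (int i = 0; i < pkts; i++) module_pktcount_packet(NULL, mls);
        module_pktcount_combine(NULL, total, 0, mls); /* assumption: result is the thread's mls */
        module_pktcount_clear(mls);
        module_pktcount_stopping(NULL, mls);
    }
    uint64_t n = total->packets;
    module_pktcount_reporter_stopping(NULL, total);
    return n;
}

int main(void) { printf("%llu\n", (unsigned long long)demo_run(3, 4)); return 0; }
```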