BACnet filter plugin

Plugin filters flow record get by input plugin according to its EtherType value (if any such value is present). More...


Data Structures
struct	bacnet_filter_private_t
	Plugin's private structure with information passed from init to the calls of PLUGIN_FILTER_* functions. More...
Defines
#define	VERSION "1.0"
#define	PRINT(format, args...)
#define	PRINTERR(format, args...) fprintf(stderr,format,##args)
#define	PRINTWARN(format, args...) fprintf(stderr,format,##args)
Functions
plugin_desc_t *	plugin_filter_desc ()
	API for flowmonexp to get plugin description structure.
void *	plugin_filter_init (char params, flow_record_getter_t *getter_list)
	Initialize all needed structures/devices/files etc. The function is called once as the first part of the plugin.
int	plugin_filter_filter (void plugin_private, flow_record_t record)
	Filtering function. By default (allow behavior), filter passes only BACnet, ARP, ISMP, LLDP and SLOW (802.3) protocols. Other traffic (like IP) is discarded. Deny parameter of the plugin inverts the behavior.
Variables
unsigned int	plugin_type = (PLUGIN_TYPE_FILTER)

Detailed Description

Plugin filters flow record get by input plugin according to its EtherType value (if any such value is present).

Default behavior of the plugin is to allow only BACnet, ARP, ISMP, LLDP and SLOW (802.3) packets. Any other type of network traffic is dropped. This can be inverted by a 'deny' plugin parameter:

$ flowmonexp -X input-bacnet.so -X filter-bacnet.so -I input-bacnet -F filter-bacnet:deny -E netflow-v9:host=localhost

Define Documentation

#define PRINT	(	format,
		args...		)

Message printer

Definition at line 70 of file filter-bacnet.c.

#define PRINTERR	(	format,
		args...		)	fprintf(stderr,format,##args)

Error message printer

Definition at line 76 of file filter-bacnet.c.

#define PRINTWARN	(	format,
		args...		)	fprintf(stderr,format,##args)

Warning message printer

Definition at line 81 of file filter-bacnet.c.

#define VERSION "1.0"

Plugin version

Definition at line 65 of file filter-bacnet.c.

Function Documentation

plugin_desc_t* plugin_filter_desc ( )

API for flowmonexp to get plugin description structure.

Returns:: Plugin description structure

Definition at line 113 of file filter-bacnet.c.

int plugin_filter_filter	(	void *	plugin_private,
		flow_record_t *	record
	)

Filtering function. By default (allow behavior), filter passes only BACnet, ARP, ISMP, LLDP and SLOW (802.3) protocols. Other traffic (like IP) is discarded. Deny parameter of the plugin inverts the behavior.

Parameters:

`[in]`	plugin_private	Plugin's private structure from init with all necessary information
`[in]`	record	Flow record from input plugin(s)

Returns:

FLOW_FILTER_DROP to discard flow record,
FLOW_FILTER_PASS to allow further processing/exporting of the flow record

Definition at line 181 of file filter-bacnet.c.

void* plugin_filter_init	(	char *	params,
		flow_record_getter_t **	getter_list
	)

Initialize all needed structures/devices/files etc. The function is called once as the first part of the plugin.

Parameters:

`[in]`	params	Plugin parameters as string from command line
`[in]`	getter_list	List of available getters for a complete flow record

Returns:: Created and initialized plugin internal structure (filter_bacnet_private_t)

Definition at line 127 of file filter-bacnet.c.

Variable Documentation

unsigned int plugin_type = (PLUGIN_TYPE_FILTER)

Set type of the flowmonexp's plugin

Definition at line 96 of file filter-bacnet.c.

BACnet filter plugin

Data Structures

Defines

Functions

Variables

Detailed Description

Define Documentation

Function Documentation

Variable Documentation