Main Page | Modules | Class Hierarchy | Class List | Directories | Class Members | Related Pages | Examples

ConsecutivePacketFilter Class Reference

matches a packet if the packet is the next packet in its trace to the previous packet seen by this filter. More...

#include <PacketFilter.h>

Inheritance diagram for ConsecutivePacketFilter:

PacketFilter List of all members.

Public Member Functions

 ConsecutivePacketFilter (const ConsecutivePacketFilter &toCopy)
ConsecutivePacketFilteroperator= (const ConsecutivePacketFilter &rhs)
virtual ConsecutivePacketFilterclone (void) const
virtual bool match (const TraceIterator &pkt) const
 match a packet.
virtual bool match (const StreamKey &key) const
 match a stream.
virtual std::string toString (void) const

Static Public Member Functions

static PacketFilterparse (const std::string &filterString)

Friends

std::ostream & operator<< (std::ostream &os, const PacketFilter &filter)

Detailed Description

matches a packet if the packet is the next packet in its trace to the previous packet seen by this filter.

Warning:
This packet filter is powerful, but probably rather non-intuitive and dangerous. Care should be exercised in its use, on penalty of many frustrating hours spent debugging.
Proper use of this class requires proper use of short-circuit logic. The filter remebers the last packet that it saw; any packet filtered out by previous expressions don't get to it, but those filtered out by later expressions will be remembered. Consider the following trace:

packet 1 : 192.168.1.10:5555 -> 192.168.1.11:53 UDP packet 2 : 192.168.1.11:53 -> 192.168.1.10:5555 UDP packet 3 : 192.168.1.10:5556 -> 192.168.1.12:80 TCP packet 4 : 192.168.1.12:80 -> 192.168.1.10:5556 TCP packet 5 : 192.168.1.12:4444 -> 192.168.1.11:53 UDP packet 6 : 192.168.1.12:80 -> 192.168.1.10:5556 TCP

Now consider the following filters:

Unless you're really sure of what you're doing, you probably want consecutive to be the last clause of a filter.

Also note that an instance of ConsecutivePacketFilter should only be used in one place at a time, or else it will get confused, and then so will you.

Examples:

profile_streams_thesis.cc.

Member Function Documentation

bool ConsecutivePacketFilter::match const StreamKey key  )  const [virtual]
 

match a stream.

This simply returns false for ConsecutivePacketFilter, as the concept of consecutiveness for streams does not have any meaning as of yet.

Implements PacketFilter.

bool ConsecutivePacketFilter::match const TraceIterator pkt  )  const [virtual]
 

match a packet.

Todo:
these match functions should probably throw an exception if the wrong one is used; e.g. if the StreamKey match is called on a ConsecutivePacketFilter that has a non-null prevPacket.

Find a better way to implement stateful packet filters.

Note:
Because this is a stateful packet filter, it's not actually a const member; prevPacket will be changed. The const qualifier is left on so that the correct match will be called - otherwise it will overload as opposed to overriding. This is hackish and does not make me happy. The best solution would probably be to divide PacketFilter into two classes, StatelessPacketFilter and StatefulPacketFilter, and divide CompoundPacketFilter likewise (StatefulCompoundPacketFilter could contain StatefulPacketFilters, whereas StatelessCompoundPacketFilter could not. That, however, is just fugly; an alternative might be to use generative programming techniques to do effectively the same without duplicating code. Generative programming techniques, however, are simply frightening. So, for now, hackish it is.

Implements PacketFilter.

PacketFilter * PacketFilter::parse const std::string &  filterString  )  [static, inherited]
 

parser to generate packet filters from a filter string

Returns:
pointer to a new PacketFilter (allocated using new; caller is responsible for deallocating when finished)

The documentation for this class was generated from the following files:
Generated on Thu Apr 5 01:02:37 2007 for ANTARES by  doxygen 1.4.2