Observer¶
Observer Function Chains¶
PATHspider’s observer will accept functions and pass python-libtrace dissected packets along with the associated flow record to them for every packet recieved.
| Function Chain | Description |
|---|---|
| new_flow_chain | Functions to initialise fields in the flow record for new flows. |
| ip4_chain | Functions to record details from IPv4 headers. |
| ip6_chain | Functions to record details from IPv6 headers. |
| tcp_chain | Functions to record details from TCP headers. |
| udp_chain | Functions to record details from UDP headers. |
| l4_chain | Functions to record details from other layer 4 headers. |
If a function returns False, the Observer will consider the flow to be finished and will pass it to be merged with the job record after a short delay.
Observer Implementation¶
-
class
pathspider.observer.Observer(lturi, new_flow_chain=[], ip4_chain=[], ip6_chain=[], tcp_chain=[], udp_chain=[], l4_chain=[])[source]¶ Wraps a packet source identified by a libtrace URI, parses packets to divide them into flows, passing these packets and flows onto a function chain to allow data to be associated with each flow.
-
__init__(lturi, new_flow_chain=[], ip4_chain=[], ip6_chain=[], tcp_chain=[], udp_chain=[], l4_chain=[])[source]¶ Create an Observer.
Parameters: - new_flow_chain (array(function)) – Array of functions to initialise new flows.
- ip4_chain (array(function)) – Array of functions to pass IPv4 headers to.
- ip6_chain (array(function)) – Array of functions to pass IPv6 headers to.
- tcp_chain (array(function)) – Array of functions to pass TCP headers to.
- udp_chain (array(function)) – Array of functions to pass UDP headers to.
- l4_chain (array(function)) – Array of functions to pass other layer 4 headers to.
See also:
-