Struct retina_datatypes::conn_fts::ConnHistory
source · pub struct ConnHistory {
pub history: Vec<u8>,
}Expand description
Connection history.
This represents a summary of the connection history in the order the packets were observed, with letters encoded as a vector of bytes. This is a simplified version of state history in Zeek, and the meanings of each letter are similar: If the event comes from the originator, the letter is uppercase; if the event comes from the responder, the letter is lowercase.
- S: a pure SYN with only the SYN bit set (may have payload)
- H: a pure SYNACK with only the SYN and ACK bits set (may have payload)
- A: a pure ACK with only the ACK bit set and no payload
- D: segment contains non-zero payload length
- F: the segment has the FIN bit set (may have other flags and/or payload)
- R: segment has the RST bit set (may have other flags and/or payload)
Each letter is recorded a maximum of once in either direction.
Fields§
§history: Vec<u8>Trait Implementations§
source§impl Clone for ConnHistory
impl Clone for ConnHistory
source§fn clone(&self) -> ConnHistory
fn clone(&self) -> ConnHistory
Returns a copy of the value. Read more
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source. Read moresource§impl Debug for ConnHistory
impl Debug for ConnHistory
source§impl Default for ConnHistory
impl Default for ConnHistory
source§fn default() -> ConnHistory
fn default() -> ConnHistory
Returns the “default value” for a type. Read more
source§impl Serialize for ConnHistory
impl Serialize for ConnHistory
source§impl Tracked for ConnHistory
impl Tracked for ConnHistory
source§fn new(_first_pkt: &L4Pdu) -> Self
fn new(_first_pkt: &L4Pdu) -> Self
Initialize internal data; called once per connection.
Note
first_pkt will also be delivered to update.source§fn clear(&mut self)
fn clear(&mut self)
Clear internal data; called if connection no longer matches filter
that requires the Tracked type.
source§fn update(&mut self, pdu: &L4Pdu, reassembled: bool)
fn update(&mut self, pdu: &L4Pdu, reassembled: bool)
New packet in connection received (or reassembled, if reassembled=true)
Note this may be invoked both pre- and post-reassembly; types
should check
reassembled to avoid double-counting.source§fn stream_protocols() -> Vec<&'static str>
fn stream_protocols() -> Vec<&'static str>
The stream protocols (lower-case) required for this datatype.
See
IMPLEMENTED_PROTOCOLS in retina_core for list of supported protocols.Auto Trait Implementations§
impl Freeze for ConnHistory
impl RefUnwindSafe for ConnHistory
impl Send for ConnHistory
impl Sync for ConnHistory
impl Unpin for ConnHistory
impl UnwindSafe for ConnHistory
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
🔬This is a nightly-only experimental API. (
clone_to_uninit)source§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more