How to use the nfstream.plugin.NFPlugin function in nfstream
To help you get started, we’ve selected a few nfstream examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
aouinizied / nfstream / nfstream / plugin.py View on Github 
class src2dst_max_piat_ms(NFPlugin):
""" Flow src -> dst maximum packet inter arrival time """
def on_init(self, obs):
return -1 # we will set it as -1 as init value
def on_update(self, obs, entry):
if obs.direction == 0:
if entry.src2dst_max_piat_ms == -1 and entry.src2dst_piat[0] >= 0:
entry.src2dst_max_piat_ms = entry.src2dst_piat[0]
if entry.src2dst_piat[0] > entry.src2dst_max_piat_ms:
entry.src2dst_max_piat_ms = entry.src2dst_piat[0]
class src2dst_min_piat_ms(NFPlugin):
""" Flow src -> dst minimum packet inter arrival time """
def on_init(self, obs):
return -1 # we will set it as -1 as init value
def on_update(self, obs, entry):
if obs.direction == 0:
if entry.src2dst_min_piat_ms == -1 and entry.src2dst_piat[0] >= 0:
entry.src2dst_min_piat_ms = entry.src2dst_piat[0]
if entry.src2dst_piat[0] < entry.src2dst_min_piat_ms:
entry.src2dst_min_piat_ms = entry.src2dst_piat[0]
class src2dst_weldord_piat_ms(NFPlugin):
""" Flow src -> dst packet inter arrival time welford algorithm structure (volatile) """
def on_init(self, obs):
return [0, 0, 0]entry.dst2src_min_piat_ms = entry.dst2src_piat[0]
if entry.dst2src_piat[0] < entry.dst2src_min_piat_ms:
entry.dst2src_min_piat_ms = entry.dst2src_piat[0]
class bidirectional_min_raw_ps(NFPlugin):
""" Flow bidirectional minimum raw packet size """
def on_init(self, obs):
return obs.raw_size
def on_update(self, obs, entry):
if obs.raw_size < entry.bidirectional_min_raw_ps:
entry.bidirectional_min_raw_ps = obs.raw_size
class bidirectional_weldord_raw_ps(NFPlugin):
""" Flow bidirectional raw packet size welford algorithm structure (volatile)"""
def on_init(self, obs):
return [1, obs.raw_size, 0]
def on_update(self, obs, entry):
k = entry.bidirectional_weldord_raw_ps[0] + 1
entry.bidirectional_weldord_raw_ps[0] = k
m = entry.bidirectional_weldord_raw_ps[1]
s = entry.bidirectional_weldord_raw_ps[2]
entry.bidirectional_weldord_raw_ps[1] = \
m + (obs.raw_size - m) * 1. / entry.bidirectional_weldord_raw_ps[0]
entry.bidirectional_weldord_raw_ps[2] = \
s + (obs.raw_size - m) * (obs.raw_size - entry.bidirectional_weldord_raw_ps[1])
class bidirectional_mean_raw_ps(NFPlugin):class bidirectional_last_seen_ms(NFPlugin):
""" Timestamp in milliseconds on last flow packet """
def on_init(self, obs):
return obs.time
def on_update(self, obs, entry):
entry.bidirectional_last_seen_ms = obs.time
class src2dst_first_seen_ms(NFPlugin):
""" Timestamp in milliseconds on first flow packet (src -> dst direction)"""
def on_init(self, obs):
return obs.time
class src2dst_last_seen_ms(NFPlugin):
""" Timestamp in milliseconds on last flow packet (src -> dst direction)"""
def on_init(self, obs):
return obs.time
def on_update(self, obs, entry):
if obs.direction == 0:
entry.src2dst_last_seen_ms = obs.time
class dst2src_first_seen_ms(NFPlugin):
""" Timestamp in milliseconds on first flow packet (dst -> src direction)"""
def on_update(self, obs, entry):
if obs.direction == 1 and entry.dst2src_first_seen_ms == 0:
entry.dst2src_first_seen_ms = obs.timereturn [0, 0, 0]
def on_update(self, obs, entry):
if entry.bidirectional_piat[0] >= 0:
k = entry.bidirectional_weldord_piat_ms[0] + 1
entry.bidirectional_weldord_piat_ms[0] = k
m = entry.bidirectional_weldord_piat_ms[1]
s = entry.bidirectional_weldord_piat_ms[2]
entry.bidirectional_weldord_piat_ms[1] = \
m + (entry.bidirectional_piat[0] - m) * 1. / entry.bidirectional_weldord_piat_ms[0]
entry.bidirectional_weldord_piat_ms[2] = \
s + (entry.bidirectional_piat[0] - m) * \
(entry.bidirectional_piat[0] - entry.bidirectional_weldord_piat_ms[1])
class bidirectional_mean_piat_ms(NFPlugin):
""" Flow bidirectional mean packet inter arrival time """
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if entry.bidirectional_piat[0] >= 0:
entry.bidirectional_mean_piat_ms = entry.bidirectional_weldord_piat_ms[1]
class bidirectional_stdev_piat_ms(NFPlugin):
""" Flow bidirectional packet inter arrival time standard deviation (sample stddev)"""
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if entry.bidirectional_piat[0] >= 0:class dst2src_stdev_raw_ps(NFPlugin):
""" Flow dst -> src raw packet size standard deviation (sample stdev) """
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if obs.direction == 1:
if entry.dst2src_weldord_raw_ps[0] == 1:
entry.dst2src_stdev_raw_ps = 0
else:
entry.dst2src_stdev_raw_ps = \
math.sqrt(entry.dst2src_weldord_raw_ps[2]/(entry.dst2src_weldord_raw_ps[0] - 1))
class dst2src_max_raw_ps(NFPlugin):
""" Flow dst -> src maximum raw packet size """
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if obs.raw_size > entry.dst2src_max_raw_ps and obs.direction == 1:
entry.dst2src_max_raw_ps = obs.raw_size
class bidirectional_min_ip_ps(NFPlugin):
""" Flow bidirectional minimum ip packet size """
def on_init(self, obs):
return obs.ip_size
def on_update(self, obs, entry):
if obs.ip_size < entry.bidirectional_min_ip_ps:def on_update(self, obs, entry):
if obs.direction == 1:
entry.dst2src_ip_bytes += obs.ip_size
class dst2src_duration_ms(NFPlugin):
""" Flow dst2src duration in milliseconds """
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if obs.direction == 1:
entry.dst2src_duration_ms = obs.time - entry.dst2src_first_seen_ms
class expiration_id(NFPlugin):
""" Flow expiration ID: negative if custom, 0 if idle expiration, 1 if active expiration, 2 if natural """
def is_ndpi_proto(entry, id):
""" Helper to check is entry app or master protocol ids """
if (entry.master_protocol == id) or (entry.app_protocol == id):
return True
else:
return False
def update_ndpi_infos(entry, ndpi_flow, ndpi_protocol, ndpi):
""" Updater for nDPI plugin collected informations """
entry.app_protocol = ndpi_protocol.app_protocol
entry.master_protocol = ndpi_protocol.master_protocol
entry.application_name = ndpi.ndpi_protocol2name(ndpi_protocol)def on_update(self, obs, entry):
entry.bidirectional_mean_ip_ps = entry.bidirectional_weldord_ip_ps[1]
class bidirectional_stdev_ip_ps(NFPlugin):
""" Flow bidirectional ip packet size standard deviation (sample stdev) """
def on_init(self, obs):
return 0
def on_update(self, obs, entry):
entry.bidirectional_stdev_ip_ps = \
math.sqrt(entry.bidirectional_weldord_ip_ps[2]/(entry.bidirectional_weldord_ip_ps[0] - 1))
class bidirectional_max_ip_ps(NFPlugin):
""" Flow bidirectional maximum ip packet size """
def on_init(self, obs):
return obs.ip_size
def on_update(self, obs, entry):
if obs.ip_size > entry.bidirectional_max_ip_ps:
entry.bidirectional_max_ip_ps = obs.ip_size
class src2dst_min_ip_ps(NFPlugin):
""" Flow src -> dst minimum ip packet size """
def on_init(self, obs):
return obs.ip_size
def on_update(self, obs, entry):
if obs.ip_size < entry.src2dst_min_ip_ps and obs.direction == 0:class src2dst_min_piat_ms(NFPlugin):
""" Flow src -> dst minimum packet inter arrival time """
def on_init(self, obs):
return -1 # we will set it as -1 as init value
def on_update(self, obs, entry):
if obs.direction == 0:
if entry.src2dst_min_piat_ms == -1 and entry.src2dst_piat[0] >= 0:
entry.src2dst_min_piat_ms = entry.src2dst_piat[0]
if entry.src2dst_piat[0] < entry.src2dst_min_piat_ms:
entry.src2dst_min_piat_ms = entry.src2dst_piat[0]
class src2dst_weldord_piat_ms(NFPlugin):
""" Flow src -> dst packet inter arrival time welford algorithm structure (volatile) """
def on_init(self, obs):
return [0, 0, 0]
def on_update(self, obs, entry):
if obs.direction == 0 and entry.src2dst_piat[0] >= 0:
k = entry.src2dst_weldord_piat_ms[0] + 1
entry.src2dst_weldord_piat_ms[0] = k
m = entry.src2dst_weldord_piat_ms[1]
s = entry.src2dst_weldord_piat_ms[2]
entry.src2dst_weldord_piat_ms[1] = m + (entry.src2dst_piat[0] - m) * 1. / entry.src2dst_weldord_piat_ms[0]
entry.src2dst_weldord_piat_ms[2] = s + (entry.src2dst_piat[0] - m) * (entry.src2dst_piat[0] -
entry.src2dst_weldord_piat_ms[1])
class src2dst_mean_piat_ms(NFPlugin):""" Flow dst -> src packet inter arrival time welford algorithm structure (volatile) """
def on_init(self, obs):
return [0, 0, 0]
def on_update(self, obs, entry):
if obs.direction == 1 and entry.dst2src_piat[0] >= 0:
k = entry.dst2src_weldord_piat_ms[0] + 1
entry.dst2src_weldord_piat_ms[0] = k
m = entry.dst2src_weldord_piat_ms[1]
s = entry.dst2src_weldord_piat_ms[2]
entry.dst2src_weldord_piat_ms[1] = m + (entry.dst2src_piat[0] - m) * 1. / entry.dst2src_weldord_piat_ms[0]
entry.dst2src_weldord_piat_ms[2] = s + (entry.dst2src_piat[0] - m) * (entry.dst2src_piat[0] -
entry.dst2src_weldord_piat_ms[1])
class dst2src_mean_piat_ms(NFPlugin):
""" Flow dst -> src mean packet inter arrival time """
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if obs.direction == 1 and entry.dst2src_piat[0] >= 0:
entry.dst2src_mean_piat_ms = entry.dst2src_weldord_piat_ms[1]
class dst2src_stdev_piat_ms(NFPlugin):
""" Flow dst -> src packet inter arrival time standard deviation (sample stdev)"""
def on_init(self, obs):
return -1
def on_update(self, obs, entry):
if obs.direction == 1 and entry.dst2src_piat[0] >= 0:class dst2src_last_seen_ms(NFPlugin):
""" Timestamp in milliseconds on last flow packet (dst -> src direction)"""
def on_update(self, obs, entry):
if obs.direction == 1:
entry.dst2src_last_seen_ms = obs.time
class nfhash(NFPlugin):
""" Flow nfstream hashed value """
def on_init(self, obs):
return obs.nfhash
class src_ip(NFPlugin):
""" str value of IP source (volatile) """
def on_init(self, obs):
return obs.src_ip
class src_ip_type(NFPlugin):
""" src_ip private or public """
def on_init(self, obs):
return int(ipaddress.ip_address(obs.src_ip).is_private)
class dst_ip_type(NFPlugin):
""" dst_ip type: private or public """
def on_init(self, obs):
return int(ipaddress.ip_address(obs.dst_ip).is_private)nfstream
A Flexible Network Data Analysis Framework
Package Health Score
39 / 100Popular nfstream functions
- nfstream.classifier.NFStreamClassifier
- nfstream.classifier.NFStreamClassifier.__init__
- nfstream.classifier.NFStreamClassifier.on_exit
- nfstream.classifier.NFStreamClassifier.on_flow_init
- nfstream.classifier.NFStreamClassifier.on_flow_terminate
- nfstream.classifier.NFStreamClassifier.on_flow_update
- nfstream.entry.NFEntry
- nfstream.ndpi_bindings.CacheEntry
- nfstream.ndpi_bindings.CacheEntryMap
- nfstream.ndpi_bindings.HashIp4pNode
- nfstream.ndpi_bindings.ndpi.ndpi_detection_giveup
- nfstream.ndpi_bindings.ndpi.ndpi_get_proto_name
- nfstream.ndpi_bindings.NDPIDetectionModuleStruct
- nfstream.ndpi_bindings.NDPIFlowStruct
- nfstream.ndpi_bindings.NDPIIdStruct
- nfstream.ndpi_bindings.NDPINode
- nfstream.ndpi_bindings.NDPIProtocolBitMask
- nfstream.NFPlugin
- nfstream.NFStreamer
- nfstream.plugin.NFPlugin