libram API

Table of Contents Sourcefiles index Generics Functions Structures Variables

TABLE OF CONTENTS

• 1. libram/libram_sclose
• 2. libram/libram_sdata
• 3. libram/libram_sopen

---

libram/libram_sclose [ Functions ]

[ Top ] [ libram ] [ Functions ]

NAME

libram_sclose - close session with socket/second interface

SYNOPSIS

void *libram_sclose(ram_fh h,
        enum libram_direction dir, char *buffer, int len, int flags, long id)

DESCRIPTION

libram_sclose(3) informs the backend about the end of a connection. The connection is specified by the parameter id, that is chosen with libram_sopen(3).

If there is any data that is not yes analyzed by backend module, it is passed in d.

The result of the libram_close(3) call is a reply structure, that can either be collected directly with libram_close(3) in synchronous mode, or by libram_process(3), libram_wait(3) or libram_poll(3) in asynchronous mode.

If the client is not interested in the reply structure at all, it can set flags to LIBRAM_DISCARD_RESULT. libram_sclose(3) will then always return NULL.

ARGUMENTS

• h: handle to libram
• dir: direction of data, either libram_direction_server or libram_direction_client
• buffer: Data passed
• len: length of data passed
• id: connection id chosen with libram_open(3)

RETURN

• LIBRAM_REPLY_UNAVAILABLE: either asynchronous mode where the result is not yet available, or LIBRAM_DISCARD_RESULT is set.
• LIBRAM_REPLY_FAILURE: either allocating result structure failed or fh invalid
• else: result of connection analysis

SEE ALSO

libram_load(3), libram_init(3), libram_close(3), libram_sopen(3), libram_sdata(3), libram_flags(3), ram_fh(3), libram_module(3), libram(3)

---

libram/libram_sdata [ Functions ]

[ Top ] [ libram ] [ Functions ]

NAME

libram_sdata - pass connection data with socket/second interface

SYNOPSIS

void *libram_sdata(ram_fh h,
        enum libram_direction dir, char *buffer, int len, int flags, long id)

DESCRIPTION

libram_sdata(3) passes connection data to the backend module. The connection is specified by the parameter id, that is first choosen in libram_sopen(3).

The result of the libram_sdata(3) call is a reply structure, that can either be collected directly with libram_data(3) in synchronous mode, or by libram_process(3), libram_wait(3) or libram_poll(3) in asynchronous mode.

If the client is not interested in the reply structure at all, it can set flags to LIBRAM_DISCARD_RESULT. libram_sdata(3) will then always return NULL.

ARGUMENTS

• h: handle to libram
• dir: direction of data, either libram_direction_server or libram_direction_client
• buffer: Data passed
• len: length of data passed
• id: connection id chosen with libram_open(3)

RETURN

• LIBRAM_REPLY_UNAVAILABLE: either asynchronous mode where the result is not yet available, or LIBRAM_DISCARD_RESULT is set.
• LIBRAM_REPLY_FAILURE: either allocating result structure failed or fh invalid
• else: result of connection analysis

SEE ALSO

libram(3), ram_fh(3), libram_data(3), libram_sopen(3), libram_sclose(3), libram_flags(3), libram_load(3), libram_init(3), libram_exit(3)

---

libram/libram_sopen [ Functions ]

[ Top ] [ libram ] [ Functions ]

NAME

libram_sopen - pass a new connection with socket interface

SYNOPSIS

void *libram_sopen(ram_fh h,
        struct sockaddr *src_addr, struct sockaddr *dst_addr,
        short src_port, short dst_port, char *proto,
        enum libram_protocol p,
        enum libram_direction dir, char *buffer, int len,
        int flags, long id)

DESCRIPTION

libram_sopen(3) informs the analysis backend about a new tcp or udp session. Transport parameter details about the connection are passed in the src_addr, dst_addr, src_prot, dst_port, protom abt type arguments. If there is already data available to the new connection this data is passed in dir, buffer, and len.

Further data is passed to the backend with libram_sdata(3). The session is closed again using libram_sclose(3).

To allow the backend to assemble a session from several libram_sdata(3) or libram_sclose(3) calls, the client chooses a unique identifier id in libram_sopen(3). This identifier is passed to all libram_sdata(3) or libram_sclose(3) calls that belong to the same session.

In synchronous mode the result of libram_sopen(3) is reply structure. In asynchronous mode the result is NULL if the analysis result in not yes available. If a result is available libram_sopen(3) returns a non NULL reply structure, that may be processed by the client immediate. If the client cannot process the reply structure immediate, the reply can later be collected using libram_process(3), libram_wait(3), or libram_poll(3).

If the client is not interested in the reply structure at all, it can set flags to LIBRAM_DISCARD_RESULT. libram_sopen(3) will then always return NULL.

ARGUMENTS

• h: handle to libram
• src_addr: struct sockaddr for src_addr
• dst_addr: struct sockaddr for dst_addr
• src_port: source port in network order
• dst_port: destination port in network order
• proto: protocol passed to backend module. If proto is NULL, the type parameter is used to either use "tcp" or "udp"
• type: either libram_protocol_tcp or libram_protocol_udp
• dir: direction of data, either libram_direction_server or libram_direction_client
• buffer: Data passed
• len: length of data passed
• flags: flags passed to libram_open(), see libram_flags(3)
• id: identifier for the connection

RETURN

• LIBRAM_REPLY_UNAVAILABLE: either asynchronous mode where the result is not yet available, or LIBRAM_DISCARD_RESULT is set.
• LIBRAM_REPLY_FAILURE: either allocating result structure failed or fh invalid
• else: result of connection analysis

SEE ALSO

libram(3), ram_fh(3), libram_open(3), libram_sdata(3), libram_sclose(3), libram_flags(3), libram_load(3), libram_init(3), libram_exit(3)

Generated from ./lib/libram-sapi.c with ROBODoc V4.99.36 on Tue Sep 17 2013 15:51:51