Skip to content
Tom Barbette edited this page Aug 6, 2018 · 2 revisions

FromNLANRDump Element Documentation

NAME

FromNLANRDump — Click element; reads packets from an NLANR file

SYNOPSIS

FromNLANRDump(FILENAME [, KEYWORDS])

Ports: no inputs, 1-2 outputs
Processing: agnostic, but output 1 is push
Drivers: userlevel

DESCRIPTION

Reads IP packets from a file in a format used for NLANR traces: either FR, FR+, or TSH. Pushes them out the output, and optionally stops the driver when there are no more packets.

FromNLANRDump also transparently reads gzip- and bzip2-compressed files, if you have zcat(1) and bzcat(1) installed.

Keyword arguments are:

  • FORMAT — String. Should be either 'fr', 'fr+', 'tsh', or 'guess'. Default is 'guess'.
  • STOP — Boolean. If true, then FromNLANRDump will ask the router to stop when it is done reading its file (or the END time is reached). Default is false.
  • ACTIVE — Boolean. If false, then FromNLANRDump will not emit packets (until the `active' handler is written). Default is true.
  • FORCE_IP — Boolean. This argument is ignored; it's here for compatibility with FromDump and the like. FromNLANRDump behaves as if FORCE_IP was set to true.
  • START — Absolute time in seconds since the epoch. FromNLANRDump will output packets with timestamps after that time.
  • START_AFTER — Argument is relative time in seconds (or supply a suffix like `min', `h'). FromNLANRDump will skip the first T seconds in the log.
  • END — Absolute time in seconds since the epoch. FromNLANRDump will stop when encountering a packet with timestamp at or after that time.
  • END_AFTER — Argument is relative time in seconds (or supply a suffix like `min', `h'). FromNLANRDump will stop at the first packet whose timestamp is at least T seconds after the first timestamp in the log.
  • INTERVAL — Argument is relative time in seconds (or supply a suffix like `min', `h'). FromNLANRDump will stop at the first packet whose timestamp is at least T seconds after the first packet output.
  • END_CALL — Specify a handler to call once the end time is reached, or the dump runs out of packets. This defaults to 'FromNLANRDump.active false'. END_CALL and STOP are mutually exclusive.
  • SAMPLE — Unsigned real number between 0 and 1. FromNLANRDump will output each packet with probability SAMPLE. Default is 1. FromNLANRDump uses fixed-point arithmetic, so the actual sampling probability may differ substantially from the requested sampling probability. Use the sampling_prob handler to find out the actual probability.
  • TIMING — Boolean. If true, then FromNLANRDump tries to maintain the inter-packet timing of the original packet stream. False by default.
  • MMAP — Boolean. If true, then FromNLANRDump will use mmap to access the tcpdump file. This can result in slightly better performance on some machines. FromNLANRDump's regular file discipline is pretty optimized, so the difference is often small in practice. Default is true on most operating systems, but false on Linux.
  • FILEPOS — File offset. If supplied, then FromNLANRDump will start emitting packets from this (uncompressed) file position. This is dangerous; if you get the offset wrong, FromNLANRDump will emit garbage.

You can supply at most one of START and START_AFTER, and at most one of END, END_AFTER, and INTERVAL.

Only available in user-level processes.

NOTES

In TSH dumps, FromNLANRDump sets packets' link annotations to the link number stored in the dump.

ELEMENT HANDLERS

  • sampling_prob (read-only) — Returns the sampling probability (see the SAMPLE keyword argument).
  • active (read/write) — Value is a Boolean.
  • encap (read-only) — Returns "IP".
  • filename (read-only) — Returns the filename supplied to FromNLANRDump.
  • filesize (read-only) — Returns the length of the FromNLANRDump file, in bytes, or "-" if that length cannot be determined (because the file was compressed, for example).
  • filepos (read-only) — Returns FromNLANRDump's position in the (uncompressed) file, in bytes.
  • packet_filepos (read-only) — Returns the (uncompressed) file position of the last packet emitted, in bytes. This handler is useful for elements like AggregateIPFlows that can record statistics about portions of a trace; with packet_filepos, they can note exactly where the relevant portion begins.
  • extend_interval (write-only) — Text is a time interval. If END_TIME or one of its cousins was specified, then writing to this handler extends END_TIME by that many seconds. Also, ACTIVE is set to true.

SEE ALSO

FromDump, ToDump, mmap

Generated by click-elem2man from ../elements/analysis/fromnlanrdump.hh:11 on 2018/08/06.

Clone this wiki locally