void NetworkInterface::flow_processing(ZMQ_Flow *zflow) { bool src2dst_direction; Flow *flow; if((time_t)zflow->last_switched > (time_t)last_pkt_rcvd) last_pkt_rcvd = zflow->last_switched; /* Updating Flow */ flow = getFlow(zflow->src_mac, zflow->dst_mac, zflow->vlan_id, &zflow->src_ip, &zflow->dst_ip, zflow->src_port, zflow->dst_port, zflow->l4_proto, &src2dst_direction, zflow->first_switched, zflow->last_switched); if(flow == NULL) return; if(zflow->l4_proto == IPPROTO_TCP) flow->updateTcpFlags(zflow->tcp_flags); flow->addFlowStats(src2dst_direction, zflow->pkt_sampling_rate*zflow->in_pkts, zflow->pkt_sampling_rate*zflow->in_bytes, zflow->pkt_sampling_rate*zflow->out_pkts, zflow->pkt_sampling_rate*zflow->out_bytes, zflow->last_switched); flow->setDetectedProtocol(zflow->l7_proto); flow->setJSONInfo(json_object_to_json_string(zflow->additional_fields)); flow->updateActivities(); incStats(zflow->src_ip.isIPv4() ? ETHERTYPE_IP : ETHERTYPE_IPV6, flow->get_detected_protocol(), zflow->pkt_sampling_rate*(zflow->in_bytes + zflow->out_bytes), zflow->pkt_sampling_rate*(zflow->in_pkts + zflow->out_pkts), 24 /* 8 Preamble + 4 CRC + 12 IFG */ + 14 /* Ethernet header */); purgeIdle(zflow->last_switched); }