{"id":20669543,"url":"https://github.com/iitis/flowcalc","last_synced_at":"2025-04-19T18:12:56.520Z","repository":{"id":2840504,"uuid":"3843952","full_name":"iitis/flowcalc","owner":"iitis","description":"IP flow calculation toolkit","archived":false,"fork":false,"pushed_at":"2015-11-30T17:34:53.000Z","size":98,"stargazers_count":13,"open_issues_count":1,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-13T11:59:09.370Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://mutrics.iitis.pl/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iitis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-03-27T13:27:50.000Z","updated_at":"2022-03-11T20:14:49.000Z","dependencies_parsed_at":"2022-08-26T06:53:01.052Z","dependency_job_id":null,"html_url":"https://github.com/iitis/flowcalc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Fflowcalc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Fflowcalc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Fflowcalc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iitis%2Fflowcalc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iitis","download_url":"https://codeload.github.com/iitis/flowcalc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249760135,"owners_count":21321843,"icon_url":"ht
tps://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T20:14:45.492Z","updated_at":"2025-04-19T18:12:56.502Z","avatar_url":"https://github.com/iitis.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"flowcalc\n========\n\nA toolkit for calculating IP flow statistics in ARFF format out of raw PCAP traffic trace files.\nThanks to the libtrace library, flowcalc can read numerous input file formats (see the [full\nlist](http://research.wand.net.nz/software/libtrace.php)).\n\nflowcalc is based on [libflowcalc](https://github.com/iitis/libflowcalc). By default, it will load\nall `*.so` files found in the current directory and register its per-packet and per-flow callback\nfunctions using the `lfc_register()` function of libflowcalc.\n\nThe `*.so` files are modules, which are responsible for calculating some set of flow statistics.\nEach module receives each packet as the trace file is read and can use the libtrace API to access\nthe low-level packet data required for calculations. Once a given IP flow finishes, another function\nin the module is called so that it prints the flow data to the standard output.\n\nflowcalc uses the ARFF output file format readable e.g. by the WEKA and RapidMiner data-mining\nenvironments.\n\nflowdump\n========\n\nAnother interesting program is flowdump, which for example can be used to rewrite one big PCAP file\ninto many smaller ones, one for each layer 7 protocol. 
This can be used for training\nmachine-learning IP traffic classification systems.\n\nPackets can be rewritten based on the value of any column found in the flowcalc output file.\n\nHow to write a flowcalc module\n------------------------------\n\nSee `counters.c` for an example of a simple module. Basically, your C file needs to define a global\n`struct module` variable named `module` (see `flowcalc.h`). This structure has a few fields:\n\n* `size`: amount of per-flow data you need for your algorithm (the `data` parameter)\n* `init`: pointer to a function which will emit an ARFF header\n* `pkt`:  pointer to the per-packet callback\n* `flow`: pointer to the per-flow callback\n\nFor `pkt` and `flow`, see `libflowcalc.h` in the [libflowcalc](https://github.com/iitis/libflowcalc)\nproject:\n\n\t/** A per-packet callback function\n\t * @param pdata  plugin data\n\t * @param lf     flow data\n\t * @param data   plugin flow data\n\t * @param ts     packet timestamp\n\t * @param up     if true, this packet flows in the same direction as\n\t *               the first packet that created the flow\n\t * @param is_new true for first packet in flow\n\t * @param pkt    libtrace packet - access to packet data\n\t */\n\ttypedef void (*pkt_cb)(struct lfc *lfc, void *pdata,\n\t\tstruct lfc_flow *lf, void *data,\n\t\tdouble ts, bool up, bool is_new, libtrace_packet_t *pkt);\n\n\t/** A callback to call when a flow is closed\n\t * @param pdata  plugin data\n\t * @param lf     basic flow information\n\t * @param data   flow data\n\t */\n\ttypedef void (*flow_cb)(struct lfc *lfc, void *pdata,\n\t\tstruct lfc_flow *lf, void *data);\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiitis%2Fflowcalc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fiitis%2Fflowcalc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fiitis%2Fflowcalc/lists"}