YAF Core Library and Fragment Reassembler



The YAF Core Library (libyaf) provides YAF file and stream I/O primitives for reading and writing YAF bidirectional flow data. These routines are split out into a separately installed library to allow other applications to read and write YAF IPFIX files. The YAF Core Library's interface is described in yafcore.h.

The YAF Fragment Reassembler (libyafrag) provides drop-in IP fragment reassembly services to packet inspection tools built atop libpcap. Its primary interface, yaf_defrag(), is suitable for use with pcap_dispatch(), and it likewise presents a reassembled packet stream to a user supplied function suitable for use with pcap_dispatch(). Its interface is described in defrag.h. datalink.h defines datalink layer handling for the fragment reassembler, and picq.h defines a "pickable" queue data structure used by the reassembler. It is provided as a separately installed library in the hopes that the open source network security tools community will find it useful.


The YAF Core Library is distributed and installed with the YAF tools, available at http://aircert.sourceforge.net/yaf

Download YAF 0.1.6 from sourceforge.net


The YAF Core Library and Fragment Reassembler is automatically built and installed as part of the YAF installation process. See the YAF README file for details.


YAF is copyright 2005-2006 Carnegie Mellon University, and is released under the GNU General Public License. See the COPYING file in the distribution for details.

YAF was developed at the CERT Network Situational Awareness Group by Brian Trammell <bht@cert.org>.

© 2005-2006 Carnegie Mellon University
Generated Thu Jul 6 15:52:58 2006 for YAF 0.1.6 by Doxygen 1.4.5.