{"id":171,"date":"2015-01-23T16:40:11","date_gmt":"2015-01-23T16:40:11","guid":{"rendered":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=171"},"modified":"2017-12-25T12:02:26","modified_gmt":"2017-12-25T12:02:26","slug":"the-udp-module","status":"publish","type":"page","link":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=171","title":{"rendered":"The udp module"},"content":{"rendered":"<p>The <code>udp<\/code> module reads raw packets from a <a title=\"UDP\" href=\"https:\/\/en.wikipedia.org\/wiki\/User_Datagram_Protocol\">UDP<\/a> connection over the Internet.<\/p>\n<p>The <code>udp<\/code> module is\u00a0 an <a title=\"Input modules\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=126\">input module<\/a>, meaning that its purpose is to read data from some sources, and convert it to Orchids events.\u00a0 The sources\u00a0 should be declared in the <a title=\"orchids-inputs.conf\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=145\"><code>orchids-inputs.conf<\/code><\/a> file.\u00a0 Admissible sources are UDP\u00a0(<code>SOCK_DGRAM<\/code>) connections over the Internet (<code>AF_INET<\/code>).\u00a0 For local UDP connections, use <a title=\"The sockunix module\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=210\"><code>sockunix<\/code><\/a> instead.<\/p>\n<p>The <code>udp<\/code> module reads from these sources and produces Orchids events, one per UDP packet.\u00a0 The contents of each packet will then be found in the <code>.udp.msg<\/code> field of the event.<\/p>\n<h3>Configuration options<\/h3>\n<p>None.<\/p>\n<p>(The <code>udp<\/code> module in fact understands the special <code>INPUT<\/code> directive.\u00a0 It takes a port number as argument, and connects to that port.\u00a0 This should <em>not<\/em> be used inside the <code>udp<\/code> module configuration file.\u00a0 Instead, input should be specified in the <a title=\"orchids-inputs.conf\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=145\"><code>orchids-inputs.conf<\/code><\/a> file.)<\/p>\n<h3>Fields<\/h3>\n<p>The last field is <code>.udp.msg<\/code>, available for further dissection; the dissection key is <code>.udp.tag<\/code>, which is a string rendition of the\u00a0<code>.udp.dst_port<\/code> field.\u00a0 This requires a bit of explanation.\u00a0 If you write:<\/p>\n<pre>DISSECT udp textfile 514<\/pre>\n<p>in the <code>orchids-inputs.conf<\/code> file, then you will get UDP packets from port 514 (the <code>syslog<\/code> port). This will be made clear by the fact that their <code>.udp.dst_port<\/code> field will be equal to the unsigned integer 514.\u00a0 Their <code>.udp.tag<\/code> field will be the string <code>\"514\"<\/code>, which can then be used as a <a title=\"Dissection modules\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=131\">dissection tag<\/a>.<\/p>\n<table style=\"border: solid 1px black;\">\n<tbody>\n<tr style=\"background-color: lightsteelblue;\">\n<th>Field<\/th>\n<th><a title=\"Types\" href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=98\">Type<\/a><\/th>\n<th><a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=719\">Mono<\/a>?<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/tbody>\n<tbody>\n<tr style=\"background-color: lightgrey;\">\n<td><code>.udp.event<\/code><\/td>\n<td><code>uint<\/code><\/td>\n<td>\u2713<\/td>\n<td>event number<\/td>\n<\/tr>\n<tr style=\"background-color: white;\">\n<td><code>.udp.time<\/code><\/td>\n<td><code>timeval<\/code><\/td>\n<td>\u2713<\/td>\n<td>reception time (by Orchids)<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>.udp.src_addr<\/code><\/td>\n<td><code>ipv4<\/code><\/td>\n<td><\/td>\n<td>source address<\/td>\n<\/tr>\n<tr style=\"background-color: white;\">\n<td><code>.udp.src_port<\/code><\/td>\n<td><code>uint<\/code><\/td>\n<td><\/td>\n<td>source port<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>.udp.dst_port<\/code><\/td>\n<td><code>uint<\/code><\/td>\n<td><\/td>\n<td>destination port<\/td>\n<\/tr>\n<tr style=\"background-color: white;\">\n<td><code>.udp.tag<\/code><\/td>\n<td><code>str<\/code><\/td>\n<td><\/td>\n<td>dissection tag<\/td>\n<\/tr>\n<tr style=\"background-color: lightgrey;\">\n<td><code>.udp.msg<\/code><\/td>\n<td><code>bstr<\/code><\/td>\n<td><\/td>\n<td>message, as raw packet<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The udp module reads raw packets from a UDP connection over the Internet. The udp module is\u00a0 an input module, meaning that its purpose is to read data from some sources, and convert it to Orchids events.\u00a0 The sources\u00a0 should be declared in the orchids-inputs.conf file.\u00a0 Admissible sources are UDP\u00a0(SOCK_DGRAM) connections over the Internet (AF_INET).\u00a0 &hellip; <a href=\"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/?page_id=171\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">The udp module<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-171","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=171"}],"version-history":[{"count":13,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/171\/revisions"}],"predecessor-version":[{"id":738,"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=\/wp\/v2\/pages\/171\/revisions\/738"}],"wp:attachment":[{"href":"https:\/\/projects.lsv.ens-paris-saclay.fr\/orchidsdoc\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}