/**************************** Data structures *****************************/

---------------------------------------------------------------
/* Possible flow classifications */
enum flow_class {NORMAL, SUSPICIOUS, ATTACK}
---------------------------------------------------------------
/* Flow record for all traffic to and from a given IP address */
struct flow_stats
{
  int received_from       /* Number of packets received from this address */
  int sent_to	          /* Number of packets sent to this address */
  int received_bytes      /* Number of bytes received from this address */
  int sent_bytes          /* Number of bytes sent to this address */
  double tcprto           /* Smoothed sent/rec packet ratios */
  double icmprto    
  long timestamp          /* Time when this entry was last reset */
  enum flow_class classification   /* Current flow classification */
  int compliant           /* Compliant period */
  int TCP_received_from   /* Per protocol statistics */
  int TCP_sent_to
  int TCP_received_bytes
  int TCP_sent_bytes
  int UDP_received_from
  int UDP_sent_to
  int UDP_received_bytes
  int UDP_sent_bytes
  int ICMP_received_from
  int ICMP_sent_to
  int ICMP_received_bytes
  int ICMP_sent_bytes
  int OTHER_received_from
  int OTHER_sent_to
  int OTHER_received_bytes
  int OTHER_sent_bytes
  int TCP_conns	  	   /* Number of connections per protocol */
  int UDP_conns
  int ICMP_conns
  int OTHER_conns 
  float min                /* Some statistics we added for increasing 
  float track                 and pulsing attacks */
  float stats[WINDOW]
  int avg_time
  int good_bytes          /* Bytes that are part of good connections */
  int good_bytes_old      /* Smoothed value of good_bytes from prev.obs.int. */
  int dropped_bytes       /* Bytes that are dropped due to rate limit */
  int rate_limit 	  /* Current rate limit */
}
---------------------------------------------------------------
/* Possible connection classifications */
enum conn_class {GOOD, TRANSIENT, BAD}
---------------------------------------------------------------
/* Connection record for all traffic between two IP addresses
   and ports  */
struct conn_stats
{
  int received_from       /* Number of packets received from foreign address */
  int sent_to	          /* Number of packets sent to foreign address */
  int received_bytes      /* Number of bytes received from foreign address */
  int sent_bytes          /* Number of bytes sent to foreign address */
  double rto              /* Smoothed sent/rec packet ratio */
  long timestamp          /* Time when this entry was last reset */
  enum conn_class classification   /* Current connection classification */
  enum proto_type protocol /* transport protocol of this connection */
  int new_connection /* flag to differentiate just initiated connections */
}
---------------------------------------------------------------
/* Flow hash entry */
struct flow_hash_entry
{
	unsigned int IPaddress /* key */
	struct flow_stats data /* statistics */
}
---------------------------------------------------------------
/* Connection hash entry */
struct conn_hash_entry
{
	struct conn_key {	/* key */
		unsigned int foreign_IPaddress 
		unsigned int local_IPaddress
		short foreign_port
		short local_port
	} 
	struct conn_stats data /* statistics */
}
---------------------------------------------------------------



