flows

package
v0.0.0-...-9f5628c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 13, 2023 License: LGPL-3.0 Imports: 12 Imported by: 7

Documentation

Overview

Package flows provides functionality for implementing table-based merging of events into flows and extracting features from those events.

The flows package base functionalities for flow-tables, flows, features, and necessary data types. The most needed functionality are features and data types.

Features

Features are basic structs that receive events and might forward events to dependent features. This implies that features need at least an argument and return a value. Arguments and return values have three kinds of types: FeatureTypes, internal data type, and export data type. FeatureTypes are needed to check which kind of events a feature emits or consumes, which is used during record/feature instantiation. The internal data type is the concrete type of the data attached to an event and can be any of the builtin golang types or one of the DateTime-types from number.go/ipfix package. The export data type is the information element type registered with the feature. Upon export the internal data type will be converted to the ie-type.

The following FeatureTypes can be used:

  • Const: A constant value (can only be used as argument)
  • RawPacket: An input event from a packet source (can only be used as argument)
  • PacketFeature: A per-packet feature (return or argument)
  • FlowFeature: A per-flow feature (return or argument)
  • MatchType: Return type matches the argument type (Must be used as argument and return)
  • Selection: RawPacket - but filtered
  • Ellipsis: Can only be used as the last argument and means the previous argument type as often a needed

The following structs are available as base for new features:

  • NoopFeature: Features that don't forward events, or hold data. E.g. control or filter features
  • EmptyBaseFeature: Features that don't hold values, but forward events.
  • BaseFeature: Features that hold a value and forward new values to dependent features.
  • MultiBaseFeature: Features with multiple arguments.

Features must be registered with one of the Register* functions.

For examples of features have a look at the already built in features.

Data Types

Data types in this flow implementation are based on the ipfix data types. Convenience functions are provided to convert between those data types and promote multiple types.

Promotion rules are:

Anything non-64 bit gets converted to 64 bit, and time bases converted to nanoseconds, followed by the following rules

  • If both types are the same ⇒ use this type
  • signed, unsigned ⇒ unsigned
  • signed/unsigned, float ⇒ float
  • number, time ⇒ time

Event Propagation

Events are forwarded in the following way:

  1. Table: find flow according to key, or create new Flow

  2. Flow: forward event to recordlist

  3. Recordlist: Send event to every Record

  4. Record: If the record contains filters do 4a; otherwise continue with 5 4.a Record, Filters: If the filters haven't been started, start those. 4.b Record, Filters: Try every filter in order. If everyone acks the event, continue with 5, otherwise continue with 9

  5. Record: If record is not active, call start of every feature.

  6. Record: Call control features and handle stop (call stop event, continue with 9), export (call stop, export, continue with 5) or restart (call stop, continue with 5) conditions

  7. Record: Forward event to every feature

  8. Record: If control feature demands it, handle export (call stop, export, continue with 9), restart (call start, continue with 9)

  9. Flow: If no Record is active, kill the flow

    During Stop control features can prevent an eventual export by calling context.Stop()

Index

Constants

View Source 
const NoVariant = -1

NoVariant represents the value returned from Variant if this Feature has only a single type.

Variables

View Source 
var (
	// TimerIdle is the idle timer of every flow
	TimerIdle = RegisterTimer()
	// TimerActive is the active timer of every flow
	TimerActive = RegisterTimer()
)

Functions

func CleanupFeatures 

func CleanupFeatures()

CleanupFeatures deletes _all_ feature definitions for conserving memory. Call this after you've finished creating all feature lists with NewFeatureListCreator.

func ExporterHelp 

func ExporterHelp(which string) error

ExporterHelp displays help for a specific exporter (see module system in util)

func FixType 

func FixType(val interface{}, t NumberType) interface{}

FixType casts the value to the final type. See UpConvert for usage.

func ListExporters 

func ListExporters() ([]util.ModuleDescription, error)

ListExporters returns a list of exporters (see module system in util)

func ListFeatures 

func ListFeatures(w io.Writer)

ListFeatures creates a table of available features and outputs it to w.

func MakeIncompatibleVariantError 

func MakeIncompatibleVariantError(format string, a ...interface{}) error

MakeIncompatibleVariantError returns a new error signifying an incompatible variant

func RegisterCompositeFeature 

func RegisterCompositeFeature(ie ipfix.InformationElement, description string, definition ...interface{})

RegisterCompositeFeature registers a new composite feature with the given name. Composite features are features that depend on other features and need to be represented in the form ["featurea", ["featureb", "featurec"]]

func RegisterControlFeature 

func RegisterControlFeature(name string, description string, make MakeFeature)

RegisterControlFeature registers a control feature (i.e. a feature that can manipulate flow behaviour)

func RegisterCustomFunction 

func RegisterCustomFunction(name string, description string, resolver TypeResolver, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterCustomFunction registers a function that needs custom type resolution to get the return type.

func RegisterExporter 

func RegisterExporter(name, desc string, new util.ModuleCreator, help util.ModuleHelp)

RegisterExporter registers an exporter (see module system in util)

func RegisterFeature 

func RegisterFeature(ie ipfix.InformationElement, description string, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterFeature registers a new feature with the given IE.

func RegisterFilterFeature 

func RegisterFilterFeature(name string, description string, make MakeFeature)

RegisterFilterFeature registers a filter feature (i.e. a feature that can skip events for a flow)

func RegisterFunction 

func RegisterFunction(name string, description string, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterFunction registers a function (feature with arguments - e.g. min()), whose data type can be resolved from the arguments

This is the case for one-argument functions, where return type (e.g. min()) is the same as argument type, and n-argument functions, where the return type is the maximum numeric type resolved from the arguments (e.g. add)

func RegisterStandardCompositeFeature 

func RegisterStandardCompositeFeature(name string, definition ...interface{})

RegisterStandardCompositeFeature registers a composite feature (see RegisterCompositeFeature) that is part of the iana ipfix list

func RegisterStandardFeature 

func RegisterStandardFeature(name string, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterStandardFeature registers a feature from the iana ipfix list

func RegisterStandardReverseFeature 

func RegisterStandardReverseFeature(name string, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterStandardReverseFeature registers the reverse feature of the given name from the iana ipfix list (e.g. RegisterStandardReverseFeature("octetTotalCount", ...) would register reverseOctetTotalCount)

func RegisterStandardVariantFeature 

func RegisterStandardVariantFeature(name string, description string, ies []ipfix.InformationElement, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterStandardVariantFeature registers a feature that represents more than one information element depending on the data and is part of the iana ipfix list (e.g. sourceIpv4Address/sourceIpv6Address)

func RegisterTemporaryCompositeFeature 

func RegisterTemporaryCompositeFeature(name string, description string, t ipfix.Type, tl uint16, definition ...interface{})

RegisterTemporaryCompositeFeature registers a composite feature (see RegisterCompositeFeature) that is not part of the iana ipfix list

func RegisterTemporaryFeature 

func RegisterTemporaryFeature(name string, description string, t ipfix.Type, tl uint16, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterTemporaryFeature registers a feature that is not part of the iana ipfix list. It gets assigned a number upon exporting.

func RegisterTypedFunction 

func RegisterTypedFunction(name string, description string, t ipfix.Type, tl uint16, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterTypedFunction registers a function that has a specific return type.

func RegisterVariantFeature 

func RegisterVariantFeature(name string, description string, ies []ipfix.InformationElement, ret FeatureType, make MakeFeature, arguments ...FeatureType)

RegisterVariantFeature registers a feature that represents more than one information element depending on the data.

func ToFloat 

func ToFloat(a interface{}) float64

ToFloat converts the given value to a float64

func ToInt 

func ToInt(a interface{}) int64

ToInt converts the given value to a int64

func ToUInt 

func ToUInt(a interface{}) uint64

ToUInt converts the given value to an uint64

func UpConvert 

func UpConvert(a, b interface{}) (dst NumberType, family NumberType, ai, bi interface{})

UpConvert returns either two Signed64 or two Float64 depending on the numbers. Returned are dst, which is the type the final value must be converted to after the operation, the family this value can be operated on and the two values possibly converted to a different type.

Use FixType to convert the result to the final data type

Example: 

// valueA, valueB contain data to be multiplied
dst, fl, a, b := UpConvert(valueA, valueB)
var result interface{}
switch fl {
case UIntType:
	result = a.(uint64) * b.(uint64)
case IntType:
	result = a.(int64) * b.(int64)
case FloatType:
	result = a.(float64) * b.(float64)
}
result := FixType(result, dst)

func UpConvertInformationElements 

func UpConvertInformationElements(ies []ipfix.InformationElement) (ipfix.InformationElement, error)

UpConvertInformationElements returns the upconverted InformationElement for numeric operations with 2 arguments

func UpConvertTypes 

func UpConvertTypes(a, b ipfix.Type) ipfix.Type

UpConvertTypes returns the shared type of two types to which data must be converted to for operations.

Types

type BaseFeature 

type BaseFeature struct {
	EmptyBaseFeature
	// contains filtered or unexported fields
}

BaseFeature includes all the basic functionality to fulfill the Feature interface.

In most cases you need this as the base for implementing feature

func (*BaseFeature) SetValue 

func (f *BaseFeature) SetValue(new interface{}, context *EventContext, self interface{})

SetValue sets a new value and forwards it to the dependent features. Do not overload unless you know what you're doing!

func (*BaseFeature) Start 

func (f *BaseFeature) Start(*EventContext)

Start clears the held value. You must all this in your feature if you override Start!

func (*BaseFeature) Value 

func (f *BaseFeature) Value() interface{}

Value returns the current value. Do not overload unless you know what you're doing!

type BaseFlow 

type BaseFlow struct {
	// contains filtered or unexported fields
}

BaseFlow holds the base information a flow needs. Needs to be embedded into every flow. The actual features are help in one or more records.

func (*BaseFlow) Active 

func (flow *BaseFlow) Active() bool

Active returns if the flow is still active.

func (*BaseFlow) AddTimer 

func (flow *BaseFlow) AddTimer(id TimerID, f TimerCallback, when DateTimeNanoseconds)

AddTimer adds a new timer with the associated id, callback, at the time when. If the timerid already exists, then the old timer will be overwritten.

func (*BaseFlow) EOF 

func (flow *BaseFlow) EOF(context *EventContext)

EOF stops the flow with forced end reason.

func (*BaseFlow) Event 

func (flow *BaseFlow) Event(event Event, context *EventContext)

Event handles the given event and the active and idle timers.

func (*BaseFlow) Export 

func (flow *BaseFlow) Export(reason FlowEndReason, context *EventContext, now DateTimeNanoseconds)

Export exports the features of the flow with reason as FlowEndReason, at time when, with current time now. Afterwards the flow is removed from the table.

func (*BaseFlow) ExportWithoutContext 

func (flow *BaseFlow) ExportWithoutContext(reason FlowEndReason, expire, now DateTimeNanoseconds)

ExportWithoutContext exports the features of the flow (see Export). This function can be used, when no context is available.

func (*BaseFlow) HasTimer 

func (flow *BaseFlow) HasTimer(id TimerID) bool

HasTimer returns true if the timer with id is active.

func (*BaseFlow) ID 

func (flow *BaseFlow) ID() uint64

ID returns the flow ID within the flow table

func (*BaseFlow) Init 

func (flow *BaseFlow) Init(table *FlowTable, key string, forward bool, context *EventContext, id uint64)

Init initializes the flow and correspoding features. The associated table, key, and current time need to be provided.

func (*BaseFlow) Key 

func (flow *BaseFlow) Key() string

Key returns the flow key belonging to this flow.

func (*BaseFlow) RemoveTimer 

func (flow *BaseFlow) RemoveTimer(id TimerID)

RemoveTimer deletes the timer with the given id.

func (*BaseFlow) Stop 

func (flow *BaseFlow) Stop()

Stop destroys the resources associated with this flow. Call this to cancel the flow without exporting it or notifying the features.

func (*BaseFlow) Table 

func (flow *BaseFlow) Table() *FlowTable

Table returns the flow table belonging to this flow.

type DateTimeMicroseconds 

type DateTimeMicroseconds = ipfix.DateTimeMicroseconds

DateTimeMicroseconds represents time in units of microseconds from 00:00 UTC, Januray 1, 1970 according to RFC5102.

type DateTimeMilliseconds 

type DateTimeMilliseconds = ipfix.DateTimeMilliseconds

DateTimeMilliseconds represents time in units of milliseconds from 00:00 UTC, Januray 1, 1970 according to RFC5102.

type DateTimeNanoseconds 

type DateTimeNanoseconds = ipfix.DateTimeNanoseconds

DateTimeNanoseconds represents time in units of nanoseconds from 00:00 UTC, Januray 1, 1970 according to RFC5102. 

const (
	// NanosecondsInNanoseconds holds the time value of one nanosecond.
	NanosecondsInNanoseconds DateTimeNanoseconds = 1
	// MicrosecondsInNanoseconds holds the time value of one microsecond.
	MicrosecondsInNanoseconds DateTimeNanoseconds = 1000 * NanosecondsInNanoseconds
	// MillisecondsInNanoseconds holds the time value of one millisecond.
	MillisecondsInNanoseconds DateTimeNanoseconds = 1000 * MicrosecondsInNanoseconds
	// SecondsInNanoseconds holds the time value of one second.
	SecondsInNanoseconds DateTimeNanoseconds = 1000 * MillisecondsInNanoseconds
	// MinutesInNanoseconds holds the time value of one minute.
	MinutesInNanoseconds DateTimeNanoseconds = 60 * SecondsInNanoseconds
	// HoursInNanoseconds holds the time value of one hour.
	HoursInNanoseconds DateTimeNanoseconds = 60 * MinutesInNanoseconds
)

type DateTimeSeconds 

type DateTimeSeconds = ipfix.DateTimeSeconds

DateTimeSeconds represents time in units of seconds from 00:00 UTC, Januray 1, 1970 according to RFC5102.

type EmptyBaseFeature 

type EmptyBaseFeature struct {
	// contains filtered or unexported fields
}

EmptyBaseFeature implements the feature interface with some added functionality to support the most basic operation (e.g. value passing to dependent features).

Use this as a base for features that don't need to hold values, but must emit them.

func (*EmptyBaseFeature) Emit 

func (f *EmptyBaseFeature) Emit(new interface{}, context *EventContext, self interface{})

Emit propagates the new value to all dependent features. Do not overload unless you know what you're doing!

func (*EmptyBaseFeature) Event 

func (f *EmptyBaseFeature) Event(interface{}, *EventContext, interface{})

Event is an empty function to ignore every event. Overload this if you need events.

func (*EmptyBaseFeature) FinishEvent 

func (f *EmptyBaseFeature) FinishEvent(context *EventContext)

FinishEvent propagates this event to all dependent features. Do not overload unless you know what you're doing!

func (*EmptyBaseFeature) IsConstant 

func (f *EmptyBaseFeature) IsConstant() bool

IsConstant returns false to signal that this feature is not a constant. Overload this if you need to emulate a constant.

func (*EmptyBaseFeature) SetValue 

func (f *EmptyBaseFeature) SetValue(new interface{}, when *EventContext, self interface{})

SetValue is an empty function to ignore constant arguments. Overload this if you need this data.

func (*EmptyBaseFeature) Start 

func (f *EmptyBaseFeature) Start(*EventContext)

Start is an empty function to ignore start events. Overload this if you need start events.

func (*EmptyBaseFeature) Stop 

func (f *EmptyBaseFeature) Stop(FlowEndReason, *EventContext)

Stop is an empty function to ignore stop events. Overload this if you need stop events.

func (*EmptyBaseFeature) Value 

func (f *EmptyBaseFeature) Value() interface{}

Value returns the empty value (nil). Overload this if you need to return a value.

func (*EmptyBaseFeature) Variant 

func (f *EmptyBaseFeature) Variant() int

Variant returns NoVariant. Overload this if your feature has multiple types.

type Event 

type Event interface {
	// Timestamp returns the timestamp of the event.
	Timestamp() DateTimeNanoseconds
	// Key returns a flow key.
	Key() string
	// LowToHigh returns if the direction is from the lower key to the higher key for bidirectional
	LowToHigh() bool
	// SetWindow sets the window id. Must be unique for every window, and packets belong to the same window must be consecutive.
	SetWindow(uint64)
	// Window returns the window id
	Window() uint64
	// EventNr returns the number of the event
	EventNr() uint64
}

Event describes a top level event (e.g., a single packet)

type EventContext 

type EventContext struct {
	// contains filtered or unexported fields
}

EventContext holds additional data for an event (e.g. time) and allows features to modify flow behaviour

func (*EventContext) Event 

func (ec *EventContext) Event(new interface{}, context *EventContext, data interface{})

Event must be called by filter-features to forward an Event down the processing chain

func (*EventContext) Export 

func (ec *EventContext) Export(now bool, reason FlowEndReason)

Export exports the current record now or after the event. WARNING: If now is true, the current event happens again after this!

func (*EventContext) Flow 

func (ec *EventContext) Flow() Flow

Flow returns the current flow

func (*EventContext) Forward 

func (ec *EventContext) Forward() bool

Forward returns true if the packet is in the same direction as the first packet

func (*EventContext) IsHard 

func (ec *EventContext) IsHard() bool

IsHard returns true, if the current Stop event is non-cancelable (e.g. EOF)

func (*EventContext) Keep 

func (ec *EventContext) Keep()

Keep keeps this record alive for filters

func (*EventContext) Restart 

func (ec *EventContext) Restart(now bool)

Restart restarts the current record now or after the event WARNING: If now is true, the current event happens again after this!

func (*EventContext) Stop 

func (ec *EventContext) Stop()

Stop removes the current record and discards the current event. If this is called during stop, flow export can be cancelled

func (*EventContext) When 

func (ec *EventContext) When() DateTimeNanoseconds

When returns the time, the event happened, or the current time

type ExportPipeline 

type ExportPipeline struct {
	// contains filtered or unexported fields
}

ExportPipeline contains all functionality for merging results from multiple tables and exporting

func MakeExportPipeline 

func MakeExportPipeline(exporter []Exporter, sortOrder SortType, numTables uint) (*ExportPipeline, error)

MakeExportPipeline creates an ExportPipeline for a list of Exporters

func (*ExportPipeline) Flush 

func (e *ExportPipeline) Flush()

Flush shuts the pipline down and waits for it to finish

type Exporter 

type Exporter interface {
	util.Module
	// Export gets called upon record export with a list of features and the export time.
	Export(Template, []interface{}, DateTimeNanoseconds)
	// Fields gets called during flow-exporter initialization with the list of fieldnames as argument
	Fields([]string)
	// Finish gets called before program exit. Eventual flushing needs to be implemented here.
	Finish()
}

Exporter represents a generic exporter

func MakeExporter 

func MakeExporter(which string, args []string) ([]string, Exporter, error)

MakeExporter creates an exporter instance (see module system in util)

type Feature 

type Feature interface {
	// Event gets called for every event. Data is provided via the first argument and a context providing addional information/control via the second argument.
	Event(interface{}, *EventContext, interface{})
	// FinishEvent gets called after every Feature was processed for the current event.
	FinishEvent(*EventContext)
	// Value provides the current stored value.
	Value() interface{}
	// SetValue stores a new value with the associated time.
	SetValue(interface{}, *EventContext, interface{})
	// Start gets called when the flow starts.
	Start(*EventContext)
	// Stop gets called with an end reason and time when a flow stops
	Stop(FlowEndReason, *EventContext)
	// Variant must return the current variant id, if the Feature can represent multiple types (e.g. ipv4Address vs ipv6Address). Must be NoVariant otherwise.
	Variant() int
	// Emit sends value new, with time when, and source self to the dependent Features
	Emit(new interface{}, when *EventContext, self interface{})
	// IsConstant must return true, if this feature is a constant
	IsConstant() bool
	// contains filtered or unexported methods
}

Feature interfaces, which all features need to implement

type FeatureError 

type FeatureError struct {
	// contains filtered or unexported fields
}

FeatureError gets returned from the feature parser and specifies the error message and includes information about feature number

func (FeatureError) Error 

func (f FeatureError) Error() string

func (FeatureError) ID 

func (f FeatureError) ID() int

ID returns the feature id that caused the error

type FeatureType 

type FeatureType int

FeatureType represents if the feature is a flow or packet feature. This is used for argument and return type specification. 

const (

	// Const is a constant
	Const FeatureType

	// RawPacket is a packet from the packet source
	RawPacket
	// RawFlow is a flow from the flow source
	RawFlow

	// PacketFeature is a packet feature, i.e., emits one value per packet
	PacketFeature
	// FlowFeature is a flow feature, i.e., emits one value per flow
	FlowFeature

	// MatchType specifies that the argument type has to match the return type
	MatchType

	// Selection specifies a packet/flow selection
	Selection

	// Ellipsis represents a continuation of the last argument
	Ellipsis

	// ControlFeature is a feature, that is called first and is able to modify Flow behaviour
	ControlFeature
)

func (FeatureType) String 

func (f FeatureType) String() string

type FeatureWithArguments 

type FeatureWithArguments interface {
	// SetArguments gets called during Feature initialization with the arguments of the features (needed for operations). arguments contains indizes into features
	SetArguments(arguments []int, features []Feature)
}

FeatureWithArguments represents a feature that needs arguments (e.g. MultiBase*Feature or select)

type Flow 

type Flow interface {
	//// Functions for timer handling
	//// ------------------------------------------------------------------
	// AddTimer adds a timer with the specific id and callback, which will be called at the given point in time
	AddTimer(TimerID, TimerCallback, DateTimeNanoseconds)
	// HasTimer returns true, if an active timer exists for the given timer id
	HasTimer(TimerID) bool
	// RemoveTimer cancels the timer with the given id
	RemoveTimer(TimerID)

	//// Functions for event handling
	//// ------------------------------------------------------------------
	// Event gets called by the flow table for every event that belongs to this flow
	Event(Event, *EventContext)
	// EOF gets called from the main program after the last event was read from the input
	EOF(*EventContext)
	// Export exports the features of the flow with reason as FlowEndReason, at time when, with current time now. Afterwards the flow is removed from the table.
	Export(reason FlowEndReason, context *EventContext, now DateTimeNanoseconds)
	// ExportWithoutContext exports the features of the flow (see Export). This function can be used from within timers.
	ExportWithoutContext(reason FlowEndReason, expire, now DateTimeNanoseconds)

	//// Functions for querying flow status
	//// ------------------------------------------------------------------
	// Active returns true if this flow is still active
	Active() bool
	// Key returns the flow key
	Key() string
	// ID returns the flow id
	ID() uint64
	// Table returns the flow table this flow belongs to
	Table() *FlowTable

	//// Functions for flow initialization
	//// ------------------------------------------------------------------
	// Init gets called by the flow table to provide the flow table, a key, and a flow id
	Init(*FlowTable, string, bool, *EventContext, uint64)
	// contains filtered or unexported methods
}

Flow interface is the primary object for flows. This gets created in the flow table for non-existing flows and lives until forced end (EOF), timer expiry (active/idle timeout), or derived from the data (e.g. tcp fin/rst)

type FlowCreator 

type FlowCreator func(Event, *FlowTable, string, bool, *EventContext, uint64) Flow

FlowCreator is responsible for creating new flows. Supplied values are event, the flowtable, a flow key, and the current time.

type FlowEndReason 

type FlowEndReason byte

FlowEndReason holds the flowEndReason as specified by RFC5102 

const (
	// FlowEndReasonIdle idle timeout as specified by RFC5102
	FlowEndReasonIdle FlowEndReason = 1
	// FlowEndReasonActive active timeout as specified by RFC5102
	FlowEndReasonActive FlowEndReason = 2
	// FlowEndReasonEnd end of flow as specified by RFC5102
	FlowEndReasonEnd FlowEndReason = 3
	// FlowEndReasonForcedEnd forced end of flow as specified by RFC5102
	FlowEndReasonForcedEnd FlowEndReason = 4
	// FlowEndReasonLackOfResources lack of resources as specified by RFC5102
	FlowEndReasonLackOfResources FlowEndReason = 5
)

type FlowOptions 

type FlowOptions struct {
	// ActiveTimeout is the active timeout in nanoseconds
	ActiveTimeout DateTimeNanoseconds
	// IdleTimeout is the idle timeout in nanoseconds
	IdleTimeout DateTimeNanoseconds
	// WindowExpiry specifies if all packets should be expired after a window ended
	WindowExpiry bool
	// PerPacket specifies single flow per packet
	PerPacket bool
	// TCPExpiry specifies if tcp expiry is wanted (only works if the key contains at least the five tuple)
	TCPExpiry bool
	// SortOutput specifies how the output should be sorted
	SortOutput SortType
	// CustomSettings contains a map with all the settings read from the flow specification
	CustomSettings map[string]interface{}
}

FlowOptions applying to each flow

type FlowTable 

type FlowTable struct {
	FlowOptions

	Stats TableStats
	// contains filtered or unexported fields
}

FlowTable holds flows assigned to flow keys and handles expiry, events, and flow creation.

func NewFlowTable 

func NewFlowTable(records RecordListMaker, newflow FlowCreator, options FlowOptions, fivetuple bool, id uint8) *FlowTable

NewFlowTable returns a new flow table utilizing features, the newflow function called for unknown flows, and the active and idle timeout.

func (*FlowTable) EOF 

func (tab *FlowTable) EOF(now DateTimeNanoseconds)

EOF needs to be called upon end of file (e.g., program termination). All outstanding timers get expired, and the rest of the flows terminated with an eof event.

func (*FlowTable) Event 

func (tab *FlowTable) Event(event Event)

Event needs to be called for every event (e.g., a received packet). Handles flow expiry if the event belongs to a flow, flow creation, and forwarding the event to the flow.

func (*FlowTable) Expire 

func (tab *FlowTable) Expire(when DateTimeNanoseconds)

Expire expires all unhandled timer events. Can be called periodically to conserve memory.

func (*FlowTable) FiveTuple 

func (tab *FlowTable) FiveTuple() bool

FiveTuple returns true if the key function is the fivetuple key

func (*FlowTable) ID 

func (tab *FlowTable) ID() uint8

ID returns the table id

type MakeFeature 

type MakeFeature func() Feature

MakeFeature is a function that returns an instantiated Feature

type MultiBaseFlowFeature 

type MultiBaseFlowFeature struct {
	BaseFeature
	// contains filtered or unexported fields
}

MultiBaseFlowFeature extends BaseFeature with argument tracking.

Use this as base for creating new features returning FlowFeature with multiple arguments.

func (*MultiBaseFlowFeature) GetValues 

func (f *MultiBaseFlowFeature) GetValues(context *EventContext) []interface{}

GetValues returns the values of every argument

func (*MultiBaseFlowFeature) SetArguments 

func (f *MultiBaseFlowFeature) SetArguments(args []int, features []Feature)

SetArguments prepares the internal argument list for argument tracking. Do not overload unless you know what you're doing!

type MultiBasePacketFeature 

type MultiBasePacketFeature struct {
	BaseFeature
	// contains filtered or unexported fields
}

MultiBasePacketFeature extends BaseFeature with event tracking.

Use this as base for creating new features returning PacketFeature with multiple arguments.

func (*MultiBasePacketFeature) EventResult 

func (f *MultiBasePacketFeature) EventResult(new interface{}, which interface{}) []interface{}

EventResult returns the list of values for a multievent or nil if not every argument had an event Call this function at the beginning of Event.

func (*MultiBasePacketFeature) FinishEvent 

func (f *MultiBasePacketFeature) FinishEvent(context *EventContext)

FinishEvent resets event tracking for all the arguments. Do not overload unless you know what you're doing!

func (*MultiBasePacketFeature) SetArguments 

func (f *MultiBasePacketFeature) SetArguments(args []int, all []Feature)

SetArguments prepares the internal argument list for event tracking. Do not overload unless you know what you're doing!

type NoopFeature 

type NoopFeature struct{}

NoopFeature implements the feature interface and represents a feature without built in functionality.

Use this as a base for features that don't hold values and only emit them. Good examples are filter or control features.

func (*NoopFeature) Emit 

func (f *NoopFeature) Emit(new interface{}, context *EventContext, self interface{})

Emit is an empty function to ignore emitted values. Overload this if you need to emit values.

func (*NoopFeature) Event 

func (f *NoopFeature) Event(interface{}, *EventContext, interface{})

Event is an empty function to ignore every event. Overload this if you need events.

func (*NoopFeature) FinishEvent 

func (f *NoopFeature) FinishEvent(*EventContext)

FinishEvent is an empty function to ignore end of event-processing. Overload this if you need such events.

func (*NoopFeature) IsConstant 

func (f *NoopFeature) IsConstant() bool

IsConstant returns false to signal that this feature is not a constant. Overload this if you need to emulate a constant.

func (*NoopFeature) SetValue 

func (f *NoopFeature) SetValue(new interface{}, when *EventContext, self interface{})

SetValue is an empty function to ignore constant arguments. Overload this if you need this data.

func (*NoopFeature) Start 

func (f *NoopFeature) Start(*EventContext)

Start is an empty function to ignore start events. Overload this if you need start events.

func (*NoopFeature) Stop 

func (f *NoopFeature) Stop(FlowEndReason, *EventContext)

Stop is an empty function to ignore stop events. Overload this if you need stop events.

func (*NoopFeature) Value 

func (f *NoopFeature) Value() interface{}

Value returns the empty value (nil). Overload this if you need to return a value.

func (*NoopFeature) Variant 

func (f *NoopFeature) Variant() int

Variant returns NoVariant. Overload this if your feature has multiple types.

type NumberType 

type NumberType int

NumberType is used for differentiating between int uint float and different time types 

const (
	// IntType represents int64
	IntType NumberType = iota
	// UIntType represents uint64
	UIntType
	// FloatType represents float64
	FloatType
	// SecondsType represents DateTimeSeconds
	SecondsType
	// MillisecondsType represents DateTimeMilliseconds
	MillisecondsType
	// MicrosecondsType represents DateTimeMicroseconds
	MicrosecondsType
	// NanosecondsType represents DateTimeNanoseconds
	NanosecondsType
)

type Record 

type Record interface {
	// Destroy must be called before a record is removed to clean up unexported exportlists
	Destroy()
	// Event gets called for every event
	Event(Event, *EventContext, *FlowTable, int)
	// Export exports this record
	Export(FlowEndReason, *EventContext, DateTimeNanoseconds, *FlowTable, int)
	// Returns true if this record is still active
	Active() bool
}

Record holds multiple features that belong to a single record

type RecordListMaker 

type RecordListMaker struct {
	// contains filtered or unexported fields
}

RecordListMaker holds metadata for instantiating a list of records with included features

func (*RecordListMaker) AppendRecord 

func (rl *RecordListMaker) AppendRecord(features []interface{}, control, filter []string, exporter *ExportPipeline, verbose bool) error

AppendRecord creates a internal representation needed for instantiating records from a feature specification, a list of exporters and a needed base (only FlowFeature supported so far)

func (RecordListMaker) CallGraph 

func (rl RecordListMaker) CallGraph(w io.Writer)

CallGraph generates a call graph in the graphviz language and writes the result to w.

func (RecordListMaker) Clean 

func (rl RecordListMaker) Clean()

Clean execution graph, which is not needed for execution

func (RecordListMaker) Flush 

func (rl RecordListMaker) Flush()

Flush flushes all outstanding exports and waits for them to finish. Must be called before exporters can be shut down

func (RecordListMaker) Init 

func (rl RecordListMaker) Init()

Init must be called after instantiating a record list

type RecordMaker 

type RecordMaker struct {
	// contains filtered or unexported fields
}

RecordMaker holds metadata for instantiating a record

func (*RecordMaker) Init 

func (rm *RecordMaker) Init()

Init must be called after a Record was instantiated

type SortType 

type SortType int

SortType specifies output sorting order 

const (
	// SortTypeNone does no sorting (output order will be indeterministic)
	SortTypeNone SortType = iota
	// SortTypeStartTime sorts flows by packet number of the first packet in the flow
	SortTypeStartTime
	// SortTypeStopTime sorts flows by packet number of the last packet in the flow
	SortTypeStopTime
	// SortTypeExpiryTime sorts flows by expiry time and in case of ties packet number of the last packet in the flow; last packet in case of eof
	SortTypeExpiryTime
)

func AtoSort 

func AtoSort(s string) (SortType, error)

AtoSort converts a string to a sort type

type TableStats 

type TableStats struct {
	// Packets is the number of packets processed
	Packets uint64
	// Flows is the number of flows processed
	Flows uint64
	// Maxflows is the maximum number of concurrent flows processed
	Maxflows uint64
}

TableStats holds statistics for this table

type Template 

type Template interface {

	// InformationElements returns the list of information elements
	InformationElements() []ipfix.InformationElement
	// Unique template ID for this template
	ID() int
	// contains filtered or unexported methods
}

Template holds the information elements of a record

type TimerCallback 

type TimerCallback func(expires, now DateTimeNanoseconds)

TimerCallback is a function the gets called upon a timer event. This event receives the expiry time and the current time.

type TimerID 

type TimerID int

TimerID represents a single timer

func RegisterTimer 

func RegisterTimer() TimerID

RegisterTimer registers a new timer and returns the new TimerID.

type TypeResolver 

type TypeResolver func([]ipfix.InformationElement) (ipfix.InformationElement, error)

TypeResolver is a resolution function. It must return an ipfix information element for a givent list of feature argument types.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.