Overview ¶
Package common provides a flow type and a few standard helpers.
Constants ¶
// Defaults shared by the flow listeners, the aggregator and the goflow
// prometheus listener.
const (
	// DefaultStopTimeout is the default stop timeout, in seconds.
	DefaultStopTimeout = 5

	// DefaultAggregatorFlushInterval is the default aggregator flush
	// interval, in seconds (5 minutes).
	DefaultAggregatorFlushInterval = 5 * 60

	// DefaultAggregatorBufferSize is the default aggregator buffer size.
	// NOTE(review): the unit (presumably a number of flows) and what happens
	// once the buffer is full are not visible here; confirm, since every
	// sender that can reach a listener contributes to filling it.
	DefaultAggregatorBufferSize = 10000

	// DefaultAggregatorPortRollupThreshold is the default aggregator port
	// rollup threshold.
	DefaultAggregatorPortRollupThreshold = 10

	// DefaultAggregatorRollupTrackerRefreshInterval is the default refresh
	// interval of the aggregator rollup tracker, in seconds (5 minutes).
	DefaultAggregatorRollupTrackerRefreshInterval = 5 * 60

	// DefaultBindHost is the default bind host used for flow listeners.
	// "0.0.0.0" is the IPv4 wildcard address, so a listener left on this
	// default accepts traffic on every local IPv4 interface.
	// NOTE(review): flow exports are commonly sent over plain UDP with no
	// sender authentication; confirm that deployments either bind a
	// specific address or restrict the listener ports to known exporters.
	DefaultBindHost = "0.0.0.0"

	// DefaultPrometheusListenerAddress is the default address of the goflow
	// prometheus listener. The default is loopback-only.
	// NOTE(review): confirm whether the endpoint has any access control
	// before it is configured on a non-loopback address.
	DefaultPrometheusListenerAddress = "localhost:9090"
)
Variables ¶
// FlowTypeDetails maps each FlowType key (TypeIPFIX, TypeSFlow5,
// TypeNetFlow5, TypeNetFlow9) to its FlowTypeDetail. The entries' fields
// are unexported and therefore elided in this rendering.
//
// NOTE(review): this is an exported, mutable package-level map. Any importer
// can add, replace or delete entries, and a write that overlaps with reads
// from another goroutine is a data race. Treat it as read-only and confirm
// that no caller writes to it.
var FlowTypeDetails = map[FlowType]FlowTypeDetail{
	TypeIPFIX: {
		// contains filtered or unexported fields
	},
	TypeSFlow5: {
		// contains filtered or unexported fields
	},
	TypeNetFlow5: {
		// contains filtered or unexported fields
	},
	TypeNetFlow9: {
		// contains filtered or unexported fields
	},
}
FlowTypeDetails contains the list of valid FlowTypeDetail values.
Functions ¶
func IsEqualFlowContext ¶
IsEqualFlowContext checks whether the flow and another flow have equal values for all fields used in `AggregationHash`. This function is used for hash collision detection.
Types ¶
type AdditionalFields ¶
AdditionalFields holds additional fields collected
type EndianType ¶
// EndianType is the string-typed byte-order setting of an additional field.
// The values declared for it in this package are "big" and "little".
type EndianType string
EndianType is used to configure additional fields endianness
// Byte-order values accepted for additional fields.
// NOTE(review): these are declared with var, not const, so importing code
// can reassign them; presumably they are meant to be fixed. Confirm.
var (
	// BigEndian is used to configure a big endian additional field
	BigEndian EndianType = "big"
	// LittleEndian is used to configure a little endian additional field
	LittleEndian EndianType = "little"
)
type FieldType ¶
// FieldType is the string-typed data-type setting of an additional field.
// The values declared for it in this package are "string", "integer" and "hex".
type FieldType string
FieldType is used to configure additional fields data type
// Data-type values for additional fields, and the type table of the default
// payload fields.
var (
	// String type is used to configure a textual additional field
	String FieldType = "string"
	// Integer type is used to configure an integer additional field
	Integer FieldType = "integer"
	// Hex type is used to configure a hex additional field
	Hex FieldType = "hex"

	// DefaultFieldTypes contains types for default payload fields.
	// In this table the four IP-address fields are Hex and every other
	// field, MAC addresses included, is Integer.
	// NOTE(review): the map is exported and mutable, so importers can change
	// the type recorded for a default field; treat it as read-only.
	DefaultFieldTypes = map[string]FieldType{
		"direction":         Integer,
		"start":             Integer,
		"end":               Integer,
		"bytes":             Integer,
		"packets":           Integer,
		"ether_type":        Integer,
		"ip_protocol":       Integer,
		"exporter.ip":       Hex,
		"source.ip":         Hex,
		"source.port":       Integer,
		"source.mac":        Integer,
		"source.mask":       Integer,
		"destination.ip":    Hex,
		"destination.port":  Integer,
		"destination.mac":   Integer,
		"destination.mask":  Integer,
		"ingress.interface": Integer,
		"egress.interface":  Integer,
		"tcp_flags":         Integer,
		"next_hop.ip":       Hex,
		"tos":               Integer,
	}
)
type Flow ¶
// Flow is one flow record in the form used for aggregation.
//
// NOTE(review): the fields marked "FLOW KEY" are presumably the ones that
// feed AggregationHash and IsEqualFlowContext; confirm against those
// implementations. Field values presumably originate from received flow
// packets and should be handled as untrusted input.
type Flow struct {
	Namespace    string
	FlowType     FlowType
	SequenceNum  uint32
	SamplingRate uint64
	Direction    uint32

	// Exporter information
	// NOTE(review): if this is taken from the datagram's source address it
	// can be spoofed by any sender able to reach the listener; confirm how
	// it is populated before relying on it for attribution or allow-listing.
	ExporterAddr []byte

	// Flow time
	StartTimestamp uint64 // in seconds
	EndTimestamp   uint64 // in seconds

	// Size of the sampled packet
	Bytes   uint64
	Packets uint64

	// Source/destination addresses
	SrcAddr []byte // FLOW KEY
	DstAddr []byte // FLOW KEY

	// Layer 3 protocol (IPv4/IPv6/ARP/MPLS...)
	EtherType uint32

	// Layer 4 protocol
	IPProtocol uint32 // FLOW KEY

	// Flags
	TCPFlags uint32 `json:"tcp_flags"`

	// Ports for UDP and TCP
	// Port number can be zero/positive or `-1` (ephemeral port)
	SrcPort int32 // FLOW KEY
	DstPort int32 // FLOW KEY

	// SNMP Interface Index
	InputInterface  uint32 // FLOW KEY
	OutputInterface uint32

	// Mac Address
	SrcMac uint64
	DstMac uint64

	// Mask
	SrcMask uint32
	DstMask uint32

	// Reverse DNS enrichment added during Flow aggregation processing
	// NOTE(review): PTR answers are controlled by whoever operates the
	// reverse zone for the address, so these hostnames are untrusted input;
	// escape them wherever they are displayed and do not base trust
	// decisions on them.
	SrcReverseDNSHostname string
	DstReverseDNSHostname string

	// Ethernet information
	Tos     uint32 // FLOW KEY
	NextHop []byte // FLOW KEY

	// Configured fields
	AdditionalFields AdditionalFields
}
Flow contains the flow information used for aggregation. The JSON annotations are used in AsJSONString() for debugging purposes.
func (*Flow) AggregationHash ¶
AggregationHash returns a hash used as the aggregation key.
type FlowMessageWithAdditionalFields ¶
// FlowMessageWithAdditionalFields pairs a goflow flow message with the
// additional fields collected for it.
type FlowMessageWithAdditionalFields struct {
	// Embedded by pointer: the FlowMessage fields are promoted onto this
	// type, and reading them panics when the pointer is nil, so check it
	// before use on values that did not come from a trusted constructor.
	*flowmessage.FlowMessage
	AdditionalFields AdditionalFields
}
FlowMessageWithAdditionalFields contains a goflow flowmessage and additional fields
type FlowType ¶
// FlowType is the string-typed name of a flow protocol. The keys of
// FlowTypeDetails (TypeIPFIX, TypeSFlow5, TypeNetFlow5, TypeNetFlow9) are
// values of this type.
type FlowType string
FlowType represents the flow protocol (netflow5, netflow9, ipfix, sflow, etc.).
type FlowTypeDetail ¶
// FlowTypeDetail describes one flow protocol. Its fields are unexported;
// the exported accessors on this page are Name() and DefaultPort().
type FlowTypeDetail struct {
	// contains filtered or unexported fields
}
FlowTypeDetail represents the flow protocol (netflow5, netflow9, ipfix, sflow, etc.).
func GetFlowTypeByName ¶
func GetFlowTypeByName(name FlowType) (FlowTypeDetail, error)
GetFlowTypeByName searches for a FlowTypeDetail by name.
func (FlowTypeDetail) DefaultPort ¶
func (f FlowTypeDetail) DefaultPort() uint16
DefaultPort returns the default port
func (FlowTypeDetail) Name ¶
func (f FlowTypeDetail) Name() FlowType
Name returns the flow type name