common

package
v0.9.1-0...-94679d8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 9, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package common provides a flow type and a few standard helpers.

Index

Constants

// Package-wide defaults for the flow listeners and the aggregator.
const (
	// DefaultStopTimeout is the default stop timeout in seconds
	DefaultStopTimeout = 5

	// DefaultAggregatorFlushInterval is the default flush interval in seconds
	DefaultAggregatorFlushInterval = 300 // 5min

	// DefaultAggregatorBufferSize is the default aggregator buffer size
	// NOTE(review): the unit (flows, messages or bytes) is not visible here — confirm.
	DefaultAggregatorBufferSize = 10000

	// DefaultAggregatorPortRollupThreshold is the default aggregator port rollup threshold
	DefaultAggregatorPortRollupThreshold = 10

	// DefaultAggregatorRollupTrackerRefreshInterval is the default aggregator rollup tracker
	// refresh interval, in seconds
	DefaultAggregatorRollupTrackerRefreshInterval = 300 // 5min

	// DefaultBindHost is the default bind host used for flow listeners.
	// "0.0.0.0" is the IPv4 wildcard address, so a listener using this default
	// accepts traffic on every IPv4 interface of the host.
	// NOTE(review): flow export protocols are usually sent over unauthenticated UDP,
	// so with this default any host that can reach the port can submit flow records.
	// Bind to a specific interface or filter by exporter address where the
	// deployment allows it.
	DefaultBindHost = "0.0.0.0"

	// DefaultPrometheusListenerAddress is the default goflow prometheus listener address.
	// The "localhost" host part keeps the metrics endpoint off external interfaces
	// by default (assuming localhost resolves to loopback).
	DefaultPrometheusListenerAddress = "localhost:9090"
)

Variables

var FlowTypeDetails = map[FlowType]FlowTypeDetail{
	TypeIPFIX: {
		// contains filtered or unexported fields
	},
	TypeSFlow5: {
		// contains filtered or unexported fields
	},
	TypeNetFlow5: {
		// contains filtered or unexported fields
	},
	TypeNetFlow9: {
		// contains filtered or unexported fields
	},
}

FlowTypeDetails contains the list of valid FlowTypeDetail values.

Functions

func IsEqualFlowContext

func IsEqualFlowContext(a Flow, b Flow) bool

IsEqualFlowContext checks whether two flows have equal values for all fields used in `AggregationHash`. This function is used for hash collision detection.

func Max

func Max[T cmp.Ordered](a T, b T) T

Max returns the larger of two items, for any ordered type.

func Min

func Min[T cmp.Ordered](a T, b T) T

Min returns the smaller of two items, for any ordered type.

Types

type AdditionalFields

type AdditionalFields = map[string]any

AdditionalFields holds additional fields collected

type EndianType

type EndianType string

EndianType is used to configure additional fields endianness

// Supported EndianType values.
// NOTE(review): these are declared with var rather than const, so any importing
// package can reassign them at runtime; treat them as read-only.
var (
	// BigEndian is used to configure a big endian additional field
	BigEndian EndianType = "big"
	// LittleEndian is used to configure a little endian additional field
	LittleEndian EndianType = "little"
)

type FieldType

type FieldType string

FieldType is used to configure additional fields data type

// Supported FieldType values and the type table for the default payload fields.
// NOTE(review): everything in this group is a package-level var, so importers can
// reassign the FieldType values or mutate DefaultFieldTypes; treat them as
// read-only, and guard the map if it is ever written while other goroutines read it.
var (
	// String type is used to configure a textual additional field
	String FieldType = "string"
	// Integer type is used to configure an integer additional field
	Integer FieldType = "integer"
	// Hex type is used to configure a hex additional field
	Hex FieldType = "hex"
	// DefaultFieldTypes contains types for default payload fields.
	// Keys are dotted field names. The IP address fields are typed Hex and
	// every other field, including the MAC addresses, is typed Integer.
	DefaultFieldTypes = map[string]FieldType{
		"direction":         Integer,
		"start":             Integer,
		"end":               Integer,
		"bytes":             Integer,
		"packets":           Integer,
		"ether_type":        Integer,
		"ip_protocol":       Integer,
		"exporter.ip":       Hex,
		"source.ip":         Hex,
		"source.port":       Integer,
		"source.mac":        Integer,
		"source.mask":       Integer,
		"destination.ip":    Hex,
		"destination.port":  Integer,
		"destination.mac":   Integer,
		"destination.mask":  Integer,
		"ingress.interface": Integer,
		"egress.interface":  Integer,
		"tcp_flags":         Integer,
		"next_hop.ip":       Hex,
		"tos":               Integer,
	}
)

type Flow

// Flow holds the per-flow fields used for aggregation.
// Fields tagged "FLOW KEY" are presumably the ones hashed by AggregationHash and
// compared by IsEqualFlowContext — confirm against those implementations.
// NOTE(review): the values originate from flow records received over the network;
// treat every field as untrusted input until it has been validated.
type Flow struct {
	Namespace    string
	FlowType     FlowType
	SequenceNum  uint32
	SamplingRate uint64
	Direction    uint32

	// Exporter information
	// NOTE(review): raw address bytes; the length (4 for IPv4, 16 for IPv6) is not
	// fixed by the type, so check it before converting — confirm expected lengths.
	ExporterAddr []byte

	// Flow time
	// NOTE(review): presumably Unix epoch seconds — confirm.
	StartTimestamp uint64 // in seconds
	EndTimestamp   uint64 // in seconds

	// Size of the sampled packet
	Bytes   uint64
	Packets uint64

	// Source/destination addresses
	// Raw address bytes; the same length caveat as ExporterAddr applies.
	SrcAddr []byte // FLOW KEY
	DstAddr []byte // FLOW KEY

	// Layer 3 protocol (IPv4/IPv6/ARP/MPLS...)
	EtherType uint32

	// Layer 4 protocol
	IPProtocol uint32 // FLOW KEY

	// Flags
	TCPFlags uint32 `json:"tcp_flags"`

	// Ports for UDP and TCP
	// Port number can be zero/positive or `-1` (ephemeral port)
	// The type is signed (int32) so that the -1 marker fits; check for it before
	// converting to an unsigned port number.
	SrcPort int32 // FLOW KEY
	DstPort int32 // FLOW KEY

	// SNMP Interface Index
	InputInterface  uint32 // FLOW KEY
	OutputInterface uint32

	// Mac Address
	// NOTE(review): presumably the 48-bit MAC stored in the low bits of the uint64 — confirm.
	SrcMac uint64
	DstMac uint64

	// Mask
	SrcMask uint32
	DstMask uint32

	// Reverse DNS enrichment added during Flow aggregation processing
	// NOTE(review): PTR records are controlled by whoever operates the reverse zone
	// for the address, so these hostnames are untrusted input. Escape or validate
	// them before they reach logs, dashboards or queries.
	SrcReverseDNSHostname string
	DstReverseDNSHostname string

	// Ethernet information
	Tos uint32 // FLOW KEY

	NextHop []byte // FLOW KEY

	// Configured fields
	// Values are typed `any` (see AdditionalFields), so consumers must type-check
	// each value before use.
	AdditionalFields AdditionalFields
}

Flow contains flow info used for aggregation. JSON annotations are used in AsJSONString() for debugging purposes.

func (*Flow) AggregationHash

func (f *Flow) AggregationHash() uint64

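AggregationHash returns a hash used as the aggregation key. Distinct flows can produce the same hash, so IsEqualFlowContext is used alongside it to detect collisions.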

type FlowMessageWithAdditionalFields

type FlowMessageWithAdditionalFields struct {
	*flowmessage.FlowMessage
	AdditionalFields AdditionalFields
}

FlowMessageWithAdditionalFields contains a goflow flowmessage and additional fields

type FlowType

type FlowType string

FlowType represents the flow protocol (netflow5, netflow9, ipfix, sflow, etc.)

// Flow protocol identifiers. The string values are the names used to refer to
// each protocol.
const (
	// TypeIPFIX identifies the IPFIX flow protocol.
	TypeIPFIX    FlowType = "ipfix"
	// TypeSFlow5 identifies the sFlow version 5 flow protocol.
	TypeSFlow5   FlowType = "sflow5"
	// TypeNetFlow5 identifies the NetFlow version 5 flow protocol.
	TypeNetFlow5 FlowType = "netflow5"
	// TypeNetFlow9 identifies the NetFlow version 9 flow protocol.
	TypeNetFlow9 FlowType = "netflow9"
	// TypeUnknown is presumably used when the protocol is not recognized — confirm.
	// It has no entry in the FlowTypeDetails map shown for this package.
	TypeUnknown  FlowType = "unknown"
)

Flow Types

func GetAllFlowTypes

func GetAllFlowTypes() []FlowType

GetAllFlowTypes returns all flow names

type FlowTypeDetail

type FlowTypeDetail struct {
	// contains filtered or unexported fields
}

FlowTypeDetail represents the details of a flow protocol (netflow5, netflow9, ipfix, sflow, etc.)

func GetFlowTypeByName

func GetFlowTypeByName(name FlowType) (FlowTypeDetail, error)

GetFlowTypeByName searches for a FlowTypeDetail by name.

func (FlowTypeDetail) DefaultPort

func (f FlowTypeDetail) DefaultPort() uint16

DefaultPort returns the default port

func (FlowTypeDetail) Name

func (f FlowTypeDetail) Name() FlowType

Name returns the flow type name
