netflow9

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2022 License: Apache-2.0 Imports: 15 Imported by: 1

Documentation

Overview

Package netflow9 decodes netflow version v9 packets

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Data

type Data struct {
	Template  TemplateRecord
	Timestamp int64
}

Data represents template records and updated timestamp

type DecodedField

type DecodedField struct {
	ID    uint16
	Value interface{}
}

DecodedField represents a decoded field

type Decoder

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder represents Netflow payload and remote address

func NewDecoder

func NewDecoder(raddr net.IP, b []byte) *Decoder

NewDecoder constructs a decoder

func (*Decoder) Decode

func (d *Decoder) Decode(mem MemCache) (*Message, error)

Decode decodes the flow records

type MemCache

type MemCache []*TemplatesShard

MemCache represents templates shards

func GetCache

func GetCache(cacheFile string) MemCache

GetCache tries to load saved templates otherwise it constructs new empty shards

func (MemCache) Dump

func (m MemCache) Dump(cacheFile string) error

Dump saves the current templates to hard disk

type Message

type Message struct {
	AgentID  string
	Header   PacketHeader
	DataSets [][]DecodedField
}

Message represents Netflow decoded data

func (*Message) JSONMarshal

func (m *Message) JSONMarshal(b *bytes.Buffer) ([]byte, error)

JSONMarshal encodes netflow v9 message

type PacketHeader

type PacketHeader struct {
	Version   uint16 // Version of Flow Record format exported in this packet
	Count     uint16 // The total number of records in the Export Packet
	SysUpTime uint32 // Time in milliseconds since this device was first booted
	UNIXSecs  uint32 // Time in seconds since 0000 UTC 197
	SeqNum    uint32 // Incremental sequence counter of all Export Packets
	SrcID     uint32 // A 32-bit value that identifies the Exporter
}

PacketHeader represents Netflow v9 packet header

type SetHeader

type SetHeader struct {
	FlowSetID uint16 // FlowSet ID value 0:: template, 1:: options template, 255< :: data
	Length    uint16 // Total length of this FlowSet
}

SetHeader represents netflow v9 data flowset id and length

type TemplateFieldSpecifier

type TemplateFieldSpecifier struct {
	ElementID uint16
	Length    uint16
}

TemplateFieldSpecifier represents field properties

type TemplateHeader

type TemplateHeader struct {
	TemplateID     uint16 // Template ID
	FieldCount     uint16 // Number of fields in this Template Record
	OptionLen      uint16 // The length in bytes of any Scope field definition (Option)
	OptionScopeLen uint16 // The length in bytes of any options field definitions (Option)
}

TemplateHeader represents netflow v9 data template id and field count

type TemplateRecord

type TemplateRecord struct {
	TemplateID           uint16
	FieldCount           uint16
	FieldSpecifiers      []TemplateFieldSpecifier
	ScopeFieldCount      uint16
	ScopeFieldSpecifiers []TemplateFieldSpecifier
}

TemplateRecord represents template fields

type TemplatesShard

type TemplatesShard struct {
	Templates map[uint32]Data
	sync.RWMutex
}

TemplatesShard represents a shard

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL