Documentation
¶
Overview ¶
Package database keeps track of flow information
Index ¶
Constants ¶
const ( OpEqual = 0 OpUnequal = 1 OpSmaller = 2 OpGreater = 3 )
These constants are used in communication with the frontend
const ( FieldTimestamp = iota FieldAgent FieldFamily FieldSrcAddr FieldDstAddr FieldProtocol FieldIntIn FieldIntOut FieldNextHop FieldSrcAs FieldDstAs FieldNextHopAs FieldSrcPfx FieldDstPfx FieldSrcPort FieldDstPort FieldIntInName FieldIntOutName FieldMax )
These constants are only used internally
Variables ¶
This section is empty.
Functions ¶
func GetBreakdownLabels ¶
func GetBreakdownLabels() []string
GetBreakdownLabels returns a sorted list of known breakdown labels
func GetFieldByName ¶
GetFieldByName returns the internal number of a field
Types ¶
type BreakdownFlags ¶
type BreakdownFlags struct {
Family bool
SrcAddr bool
DstAddr bool
Protocol bool
IntIn bool
IntOut bool
NextHop bool
SrcAsn bool
DstAsn bool
NextHopAsn bool
SrcPfx bool
DstPfx bool
SrcPort bool
DstPort bool
IntInName bool
IntOutName bool
}
BreakdownFlags defines by what fields data should be broken down in a query
func (*BreakdownFlags) Count ¶
func (bf *BreakdownFlags) Count() (count int)
Count returns the number of enabled breakdown flags
func (*BreakdownFlags) Set ¶
func (bf *BreakdownFlags) Set(keys []string) error
Set enables the flags in the given list
type BreakdownKey ¶
BreakdownKey is the key used for the brakedown map
func (*BreakdownKey) Join ¶
func (bk *BreakdownKey) Join(format string) string
Join formats the keys and joins them with commas
type BreakdownMap ¶
type BreakdownMap map[BreakdownKey]uint64
BreakdownMap maps breakdown keys to values
type FlowDatabase ¶
FlowDatabase represents a flow database object
func New ¶
func New(aggregation int64, maxAge int64, numAddWorker int, debug int, compLevel int, storage string, anonymize bool, intfMapper intfmapper.IntfMapperInterface, agentsNameByIP map[string]string, iana *iana.IANA) *FlowDatabase
New creates a new FlowDatabase and returns a pointer to it
func (*FlowDatabase) Add ¶
func (fdb *FlowDatabase) Add(fl *netflow.Flow)
Add adds flow `fl` to database fdb
func (*FlowDatabase) AggregationPeriod ¶
func (fdb *FlowDatabase) AggregationPeriod() int64
AggregationPeriod returns the configured aggregation period
func (*FlowDatabase) CleanUp ¶
func (fdb *FlowDatabase) CleanUp()
CleanUp deletes all flows from database `fdb` that are older than `maxAge` seconds
func (*FlowDatabase) CurrentTimeslot ¶
func (fdb *FlowDatabase) CurrentTimeslot() int64
CurrentTimeslot returns the beginning of the current timeslot
func (*FlowDatabase) Dumper ¶
func (fdb *FlowDatabase) Dumper()
Dumper dumps all flows in `fdb` to hard drive that haven't been dumped yet
type FlowsByTimeRtr ¶
FlowsByTimeRtr holds all keys (and thus is the only way) to our flows
type Query ¶
type Query struct {
Cond Conditions
Breakdown BreakdownFlags
TopN int
}
Query is the internal representation of a query
type Result ¶
type Result struct {
TopKeys map[BreakdownKey]void
Timestamps []int64 // sorted timestamps
Data map[int64]BreakdownMap // timestamps -> keys -> values
Aggregation int64
}
Result is the result of a query
type TimeGroup ¶
type TimeGroup struct {
Any *mapTree // Workaround: Why a map? Because: cannot assign to flows[fl.Timestamp][rtr].Any
SrcAddr *mapTree
DstAddr *mapTree
Protocol *mapTree
IntIn *mapTree
IntOut *mapTree
NextHop *mapTree
SrcAs *mapTree
DstAs *mapTree
NextHopAs *mapTree
SrcPfx *mapTree
DstPfx *mapTree
SrcPort *mapTree
DstPort *mapTree
InterfaceIDByName intfmapper.InterfaceIDByName
}
TimeGroup groups all indices to flows of a particular router at a particular time into one object
Source Files