Documentation ¶
Index ¶
- Constants
- Variables
- func GetNetFlowSizes(netFlow Netflow) string
- func IsValidNetFlow(payload []byte, nfVersion int) (bool, error)
- func UpdateTimeStamp(payload []byte) ([]byte, error)
- type DataAny
- type DataFlowSet
- type DataItem
- type Field
- type FlowTracker
- type GenericFlow
- type Header
- type Netflow
- type Template
- type TemplateFlowSet
Constants ¶
// Field type identifiers (the page labels this block "Constants for Field
// Types"). The numbering is not contiguous: 43, 51, 65-69 and 87 have no
// constant in this block, so code that maps a numeric field type back to a
// name must handle values that are not listed here.
const (
	IN_BYTES = 1
	IN_PKTS = 2
	FLOWS = 3
	PROTOCOL = 4
	SRC_TOS = 5
	TCP_FLAGS = 6
	L4_SRC_PORT = 7
	IPV4_SRC_ADDR = 8
	SRC_MASK = 9
	INPUT_SNMP = 10
	L4_DST_PORT = 11
	IPV4_DST_ADDR = 12
	DST_MASK = 13
	OUTPUT_SNMP = 14
	IPV4_NEXT_HOP = 15
	SRC_AS = 16
	DST_AS = 17
	BGP_IPV4_NEXT_HOP = 18
	MUL_DST_PKTS = 19
	MUL_DST_BYTES = 20
	LAST_SWITCHED = 21
	FIRST_SWITCHED = 22
	OUT_BYTES = 23
	OUT_PKTS = 24
	MIN_PKT_LNGTH = 25
	MAX_PKT_LNGTH = 26
	IPV6_SRC_ADDR = 27
	IPV6_DST_ADDR = 28
	IPV6_SRC_MASK = 29
	IPV6_DST_MASK = 30
	IPV6_FLOW_LABEL = 31
	ICMP_TYPE = 32
	MUL_IGMP_TYPE = 33
	SAMPLING_INTERVAL = 34
	SAMPLING_ALGORITHM = 35
	FLOW_ACTIVE_TIMEOUT = 36
	FLOW_INACTIVE_TIMEOUT = 37
	ENGINE_TYPE = 38
	ENGINE_ID = 39
	TOTAL_BYTES_EXP = 40
	TOTAL_PKTS_EXP = 41
	TOTAL_FLOWS_EXP = 42
	// 43 is not defined here.
	IPV4_SRC_PREFIX = 44
	IPV4_DST_PREFIX = 45
	MPLS_TOP_LABEL_TYPE = 46
	MPLS_TOP_LABEL_IP_ADDR = 47
	FLOW_SAMPLER_ID = 48
	FLOW_SAMPLER_MODE = 49
	FLOW_SAMPLER_RANDOM_INTERVAL = 50
	// 51 is not defined here.
	MIN_TTL = 52
	MAX_TTL = 53
	IPV4_IDENT = 54
	DST_TOS = 55
	IN_SRC_MAC = 56
	OUT_DST_MAC = 57
	SRC_VLAN = 58
	DST_VLAN = 59
	IP_PROTOCOL_VERSION = 60
	DIRECTION = 61
	IPV6_NEXT_HOP = 62
	BGP_IPV6_NEXT_HOP = 63
	IPV6_OPTION_HEADERS = 64
	// 65-69 are not defined here.
	MPLS_LABEL_1 = 70
	MPLS_LABEL_2 = 71
	MPLS_LABEL_3 = 72
	MPLS_LABEL_4 = 73
	MPLS_LABEL_5 = 74
	MPLS_LABEL_6 = 75
	MPLS_LABEL_7 = 76
	MPLS_LABEL_8 = 77
	MPLS_LABEL_9 = 78
	MPLS_LABEL_10 = 79
	IN_DST_MAC = 80
	OUT_SRC_MAC = 81
	IF_NAME = 82
	IF_DESC = 83
	SAMPLER_NAME = 84
	IN_PERMANENT_BYTES = 85
	IN_PERMANENT_PKTS = 86
	// 87 is not defined here.
	FRAGMENT_OFFSET = 88
	FORWARDING_STATUS = 89
	MPLS_PAL_RD = 90
	MPLS_PREFIX_LEN = 91
	SRC_TRAFFIC_INDEX = 92
	DST_TRAFFIC_INDEX = 93
	APPLICATION_DESCRIPTION = 94
	APPLICATION_TAG = 95
	APPLICATION_NAME = 96
)
Constants for Field Types
Variables ¶
// Evaluated once, when the package is initialised; the value is in
// nanoseconds since the Unix epoch (UnixNano), not seconds or milliseconds.
var StartTime = time.Now().UnixNano()
StartTime is the start time of this instance, used to compute sysUptime.
Functions ¶
func GetNetFlowSizes ¶
GetNetFlowSizes gets the size of the given Netflow and returns it as a string.
func IsValidNetFlow ¶ added in v0.4.1
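IsValidNetFlow reports whether the given payload has a NetFlow v9 header. The description covers the header only; it does not say that the FlowSets following the header are checked.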
func UpdateTimeStamp ¶ added in v0.4.2
UpdateTimeStamp changes the time in the given payload to the current timestamp and returns the updated payload.
Types ¶
type DataFlowSet ¶
DataFlowSet for Netflow
func (*DataFlowSet) Generate ¶
func (d *DataFlowSet) Generate(flowCount int, srcRange string, dstRange string, flowSrcPort int, flowTracker *FlowTracker) DataFlowSet
Generate a DataFlowSet. Per Netflow v9 spec, FlowSetID is *always* set to the TemplateID from a given TemplateFlowSet. The TemplateID is hardcoded to 256, but could be variable as long as it is greater than 255. Currently hardcoded to generate random src/dst IPs from 10.0.0.0/8.
type FlowTracker ¶ added in v0.4.0
FlowTracker is used to track the start time and the flow sequence
func (*FlowTracker) GetStartTime ¶ added in v0.4.0
func (ft *FlowTracker) GetStartTime() int64
func (*FlowTracker) Init ¶ added in v0.4.0
func (ft *FlowTracker) Init() FlowTracker
Init initialises the FlowTracker and starts a new counter.
func (*FlowTracker) NextSeq ¶ added in v0.4.0
func (ft *FlowTracker) NextSeq() uint32
type GenericFlow ¶ added in v0.4.1
// GenericFlow holds the values of one flow record. All fields are fixed-width
// unsigned integers, and the addresses are 32-bit, so this record shape can
// only carry IPv4 endpoints.
// NOTE(review): the field names mirror the field-type constants (IN_BYTES,
// OUT_BYTES, IPV4_SRC_ADDR, ...); presumably the declaration order must match
// the template returned by GetTemplateFields — confirm before reordering.
type GenericFlow struct {
	// Byte and packet counters.
	InBytes uint32
	OutBytes uint32
	InPkts uint32
	OutPkts uint32
	// IPv4 source and destination addresses as 32-bit integers.
	Ipv4SrcAddr uint32
	Ipv4DstAddr uint32
	// Layer-4 source and destination ports.
	L4SrcPort uint16
	L4DstPort uint16
	// Protocol and TCP flags, one byte each.
	Protocol uint8
	TcpFlags uint8
	// Flow start/end markers; presumably relative to sysUptime — TODO confirm.
	FirstSwitched uint32
	LastSwitched uint32
	// Exporter engine type and identifier.
	EngineType uint8
	EngineID uint8
}
GenericFlow is used to create and generate HTTPS flows.
func (*GenericFlow) Generate ¶ added in v0.4.1
func (gf *GenericFlow) Generate(srcIP net.IP, dstIP net.IP, flowSrcPort int, flowTracker *FlowTracker) GenericFlow
Generate returns an HTTPS flow with a randomly generated payload.
func (*GenericFlow) GetTemplateFields ¶ added in v0.4.1
func (gf *GenericFlow) GetTemplateFields() []Field
GetTemplateFields returns the Fields for the Template to be used.
type Header ¶
// Header is the NetFlow v9 packet header: two 16-bit fields followed by four
// 32-bit fields.
type Header struct {
	// Version is the export format version (this package documents v9).
	Version uint16
	// FlowCount is the record count carried in the header.
	// NOTE(review): presumably counts template and data records together, as
	// the v9 Count field does — confirm against the generator.
	FlowCount uint16
	// SysUptime is the exporter uptime; the package computes it from StartTime.
	SysUptime uint32
	// UnixSec is the export time; presumably seconds since the Unix epoch — confirm.
	UnixSec uint32
	// FlowSequence is the sequence number; FlowTracker tracks the flow sequence.
	FlowSequence uint32
	// SourceID identifies the exporter; the Generate* functions take a sourceID.
	SourceID uint32
}
Header NetflowHeader v9
type Netflow ¶
// Netflow is a complete record: one header plus any template and data
// FlowSets it carries.
type Netflow struct {
	// Header is the packet header.
	Header Header
	// TemplateFlowSets holds the template FlowSets, if any.
	TemplateFlowSets []TemplateFlowSet
	// DataFlowSets holds the data FlowSets, if any.
	DataFlowSets []DataFlowSet
}
Netflow complete record
func GenerateDataNetflow ¶
func GenerateDataNetflow(flowCount int, sourceID int, srcRange string, dstRange string, flowSrcPort int, flowTracker *FlowTracker) Netflow
GenerateDataNetflow Generates a Netflow containing Data flows
func GenerateNetflow ¶
func GenerateNetflow(flowCount int, sourceID int, srcRange string, dstRange string, flowTracker *FlowTracker) Netflow
GenerateNetflow Generates a combined Template and Data flow Netflow struct. Not required by spec, but can be done.
func GenerateTemplateNetflow ¶
func GenerateTemplateNetflow(sourceID int, flowTracker *FlowTracker) Netflow
GenerateTemplateNetflow Generates a Netflow containing Template flow
type TemplateFlowSet ¶
// TemplateFlowSet is a template FlowSet for Netflow.
type TemplateFlowSet struct {
	// FlowSetID is always 0 for a template FlowSet per the NetFlow v9 spec
	// (as stated in the documentation of Generate).
	FlowSetID uint16
	// Length is the FlowSet length field.
	// NOTE(review): presumably the total length in bytes including this
	// header — confirm against Generate.
	Length uint16
	// Templates holds the template records carried in this FlowSet.
	Templates []Template
}
TemplateFlowSet for Netflow
func (*TemplateFlowSet) Generate ¶
func (t *TemplateFlowSet) Generate() TemplateFlowSet
Generate a TemplateFlowSet. Per Netflow v9 spec, FlowSetID is *always* 0 for a TemplateFlow. The TemplateID is hardcoded to 256, but could be variable as long as it is greater than 255. TODO: FieldCount and Fields are hardcoded for an HTTPS flow; generating different flows still needs work.