results

package
v4.1.14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 11, 2025 License: GPL-2.0 Imports: 16 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrorNoResults denotes that no results were returned from a query
	ErrorNoResults = errors.New("query returned no results")

	// ErrorDataMissing denotes that there was no data to be queried
	ErrorDataMissing = errors.New("no data available for the specified interface(s) / time range (maybe goProbe was not running)")
)

Functions

func By 

func By(sort SortOrder, direction types.Direction, ascending bool) by

By is part of the sort.Interface

Types

type Attributes 

type Attributes struct {
	SrcIP   netip.Addr `json:"sip,omitempty" doc:"Source IP" example:"10.81.45.1"`   // SrcIP: the source IP address
	DstIP   netip.Addr `json:"dip,omitempty" doc:"Destination IP" example:"8.8.8.8"` // DstIP: the destination IP address
	IPProto uint8      `json:"proto,omitempty" doc:"IP protocol number" example:"6"` // IPProto: the IP protocol number
	DstPort uint16     `json:"dport,omitempty" doc:"Destination port" example:"80"`  // DstPort: the destination port
}

Attributes are traffic attributes by which the goDB can be aggregated

func (Attributes) Less 

func (a Attributes) Less(a2 Attributes) bool

Less returns wether the set of attributes a sorts before a2

func (Attributes) MarshalJSON 

func (a Attributes) MarshalJSON() ([]byte, error)

MarshalJSON marshals an attribute set into a JSON byte slice

func (Attributes) String 

func (a Attributes) String() string

String prints all result attributes

type CSVFormatter 

type CSVFormatter struct{}

CSVFormatter writes lines in CSV format

func (CSVFormatter) Count 

func (CSVFormatter) Count(c uint64) string

Count prints c as string

func (CSVFormatter) Duration 

func (CSVFormatter) Duration(d time.Duration) string

Duration prints the string representation of duration

func (CSVFormatter) Float 

func (CSVFormatter) Float(f float64) string

Float string formats f

func (CSVFormatter) Size 

func (CSVFormatter) Size(s uint64) string

Size prints the integers size

func (CSVFormatter) String 

func (CSVFormatter) String(s string) string

String returns s

func (CSVFormatter) Time 

func (CSVFormatter) Time(epoch int64) string

Time prints epoch as string

type CSVTablePrinter 

type CSVTablePrinter struct {
	// contains filtered or unexported fields
}

CSVTablePrinter writes out all flows in CSV format

func NewCSVTablePrinter 

func NewCSVTablePrinter(b basePrinter) *CSVTablePrinter

NewCSVTablePrinter creates a new CSVTablePrinter

func (*CSVTablePrinter) AddRow 

func (c *CSVTablePrinter) AddRow(row Row) error

AddRow writes a row to the CSVTablePrinter

func (*CSVTablePrinter) AddRows 

func (c *CSVTablePrinter) AddRows(ctx context.Context, rows Rows) error

AddRows adds several flow entries to the CSVTablePrinter

func (*CSVTablePrinter) Footer 

func (c *CSVTablePrinter) Footer(_ context.Context, result *Result) error

Footer appends the CSV footer to the CSVTablePrinter

func (*CSVTablePrinter) Print 

func (c *CSVTablePrinter) Print(_ *Result) error

Print flushes the writer and actually prints out all CSV rows contained in the table printer

type ExtendedAttributes 

type ExtendedAttributes struct {
	SrcPort uint16 `json:"sport,omitempty"` // SrcPort: the source port
	Attributes
}

ExtendedAttributes includes the source port. It is meant to be used if (and only if) the source port is still available (such as in the flow log)

type ExtendedRow 

type ExtendedRow struct {
	// Labels are the partition Attributes
	Labels Labels `json:"l,omitempty"`

	// Attributes store ExtendedAttributes which can be grouped by
	Attributes ExtendedAttributes `json:"a"`

	// Counters for bytes/packets
	Counters types.Counters `json:"c"`
}

ExtendedRow is a human-readable, aggregatable representation of goProbe's active flow data

type FooterPrinter 

type FooterPrinter interface {
	PrintFooter(fw *FooterTabwriter) error
}

FooterPrinter allows a type to print to the Footer

type FooterTabwriter 

type FooterTabwriter struct {
	*tabwriter.Writer
}

FooterTabwriter is a specific tabwriter for the results footer

func NewFooterTabwriter 

func NewFooterTabwriter(w io.Writer) *FooterTabwriter

NewFooterTabwriter returns a new FooterTabwriter

func (*FooterTabwriter) Flush 

func (fw *FooterTabwriter) Flush() error

Flush flushes the footer writer

func (*FooterTabwriter) WriteEntry 

func (fw *FooterTabwriter) WriteEntry(key, msg string, args ...any) error

WriteEntry writes a new entry to the footer

type Formatter 

type Formatter interface {
	// Size deals with data sizes (i.e. bytes)
	Size(uint64) string
	Duration(time.Duration) string
	Count(uint64) string
	Float(float64) string
	Time(epoch int64) string
	// String is needed because some formats escape strings
	String(string) string
}

Formatter provides methods for printing various types/units of values. Each output format has an associated Formatter implementation, for instance for csv, there is CSVFormatter.

type Hits 

type Hits struct {
	// Displayed: how many flow records were returned in Rows that are displayed
	Displayed int `json:"displayed" doc:"Number of flow records in Rows displayed/returned" example:"25"`
	// Total: how many flow records matching the condition were found in total
	Total int `json:"total" doc:"Total number of flow records matching the condition" example:"1034"`
}

Hits stores how many flow records were returned in total and how many are returned in Rows

func (Hits) String 

func (h Hits) String() string

String prints the statistics

type HostStatus 

type HostStatus struct {
	Hostname string
	Status
}

HostStatus bundles the Hostname with the Status for that Hostname

type HostsStatuses 

type HostsStatuses map[string]Status

HostsStatuses captures the query status for every host queried

func (HostsStatuses) GetErrorStatuses 

func (hs HostsStatuses) GetErrorStatuses() (errorHosts []HostStatus)

GetErrorStatuses returns all hosts which ran into an error during querying

func (HostsStatuses) Print 

func (hs HostsStatuses) Print(w io.Writer) error

Print adds the status of all hosts to the output / writer

func (HostsStatuses) PrintFooter 

func (hs HostsStatuses) PrintFooter(fw *FooterTabwriter) error

PrintFooter prints the queried hosts summary (total, ok, empty, error)

func (HostsStatuses) SetErr 

func (hs HostsStatuses) SetErr(host string, err error)

SetErr will set the error in the status and add it to the hosts statuses

func (HostsStatuses) Summary 

func (hs HostsStatuses) Summary() string

Summary returns a summary of the host statuses without going through the individual statuses

type Interfaces 

type Interfaces []string

Interfaces collects all interface names

func (Interfaces) Print 

func (is Interfaces) Print(w io.Writer) error

Print prints the sorted interface list in a table with numbered rows

func (Interfaces) Summary 

func (is Interfaces) Summary() string

Summary returns a summary of the interfaces without listing them explicitly

type Labels 

type Labels struct {
	// Timestamp: the timestamp of the 5-minute interval storing the flow record
	Timestamp time.Time `` /* 133-byte string literal not displayed */
	// Iface: the interface on which the flow was observed
	Iface string `json:"iface,omitempty" doc:"Interface on which the flow was observed" example:"eth0"`
	// Hostname: the hostname of the host on which the flow was observed
	Hostname string `json:"host,omitempty" doc:"Hostname of the host on which the flow was observed" example:"hostA"`
	// HostID: the host id of the host on which the flow was observed
	HostID string `json:"host_id,omitempty" doc:"ID of the host on which the flow was observed" example:"123456"`
}

Labels hold labels by which the goDB database is partitioned

func (Labels) Less 

func (l Labels) Less(l2 Labels) bool

Less returns wether the set of labels l sorts before l2

func (Labels) MarshalJSON 

func (l Labels) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. It makes sure that empty timestamps don't show up in the json output

func (Labels) String 

func (l Labels) String() string

String prints all result labels

type MergeableAttributes 

type MergeableAttributes struct {
	Labels
	Attributes
}

MergeableAttributes bundles all fields of a Result by which aggregation/merging is possible

type OutputColumn 

type OutputColumn int

OutputColumn ranges over all possible output columns. Not every format prints every output column, e.g. the InfluxDBTablePrinter completely ignorowall percentages. 

const (
	// labels
	OutcolTime OutputColumn = iota
	OutcolHostname
	OutcolHostID
	OutcolIface
	// attributes
	OutcolSIP
	OutcolDIP
	OutcolDport
	OutcolProto
	// counters
	OutcolInPkts
	OutcolInPktsPercent
	OutcolInBytes
	OutcolInBytesPercent
	OutcolOutPkts
	OutcolOutPktsPercent
	OutcolOutBytes
	OutcolOutBytesPercent
	OutcolSumPkts
	OutcolSumPktsPercent
	OutcolSumBytes
	OutcolSumBytesPercent
	OutcolBothPktsRcvd
	OutcolBothPktsSent
	OutcolBothPktsPercent
	OutcolBothBytesRcvd
	OutcolBothBytesSent
	OutcolBothBytesPercent
	CountOutcol
)

Enumeration of all possible output columns

type PrinterConfig 

type PrinterConfig struct {
	Format        string
	SortOrder     SortOrder
	LabelSelector types.LabelSelector
	Direction     types.Direction

	Attributes []types.Attribute
	Totals     types.Counters
	NumFlows   int
	// contains filtered or unexported fields
}

PrinterConfig configures printer behavior

type PrinterOption 

type PrinterOption func(*PrinterConfig)

PrinterOption allows to configure the printer

func WithIPDomainMapping 

func WithIPDomainMapping(ipDomain map[string]string, resolutionTimeout time.Duration) PrinterOption

WithIPDomainMapping adds DNS resolution capabilities to the printer

func WithQueryStats 

func WithQueryStats(b bool) PrinterOption

WithQueryStats sets whether detailed query statistics should be printed in footer

type Query 

type Query struct {
	// Attributes: the attributes that were queried
	Attributes []string `json:"attributes" doc:"Attributes which were queried" example:"sip,dip,dport"`
	// Condition: the condition that was provided
	Condition string `json:"condition,omitempty" doc:"Condition which was provided" example:"port=80 && proto=TCP"`
}

Query stores the kind of query that was run

func (Query) PrintFooter 

func (q Query) PrintFooter(fw *FooterTabwriter) error

PrintFooter prints the conditions of the query in case they are available

type Result 

type Result struct {
	// Hostname: from which the result originated
	Hostname string `json:"hostname,omitempty" doc:"Hostname from which the result originated" example:"hostA"`

	// Status: the overall status of the result
	Status Status `json:"status" doc:"Status of the result"`
	// HostsStatuses: the status of all hosts queried
	HostsStatuses HostsStatuses `json:"hosts_statuses" doc:"Statuses of all hosts queried"`

	// Summary: the total traffic volume and packets observed over the queried range and the interfaces that were queried
	Summary Summary `json:"summary" doc:"Traffic totals and query statistics"`
	// Query: the kind of query that was run
	Query Query `json:"query" doc:"Query which was run"`
	// Rows: the data rows returned
	Rows Rows `json:"rows" doc:"Data rows returned"`
	// contains filtered or unexported fields
}

Result bundles the data rows returned and the query meta information

func New 

func New() *Result

New instantiates a new result

func (*Result) End 

func (r *Result) End()

End prepares the end of the result

func (*Result) Err 

func (r *Result) Err() error

Err returns the error in case the result carries one

func (*Result) SetErr 

func (r *Result) SetErr(err error)

SetErr will set the error in the result and add it to the hosts statuses for the current hostname

func (*Result) Start 

func (r *Result) Start()

Start prepares the beginning of the result

type Row 

type Row struct {
	// Labels are the partition Attributes
	Labels Labels `json:"labels,omitempty" doc:"Labels / partitions the row belongs to"`

	// Attributes which can be grouped by
	Attributes Attributes `json:"attributes" doc:"Query attributes by which flows are grouped"`

	// Counters for bytes/packets
	Counters types.Counters `json:"counters" doc:"Flow counters"`
}

Row is a human-readable, aggregatable representation of goDB's data

func (*Row) Less 

func (r *Row) Less(r2 *Row) bool

Less returns wether the row r sorts before r2

func (*Row) String 

func (r *Row) String() string

String prints a single result

type Rows 

type Rows []Row

Rows is a list of results

type RowsMap 

type RowsMap map[MergeableAttributes]types.Counters

RowsMap is an aggregated representation of a Rows list

func (RowsMap) MergeRows 

func (rm RowsMap) MergeRows(r Rows) (merged int)

MergeRows aggregates Rows by use of the RowsMap rm, which is modified in the process

func (RowsMap) MergeRowsMap 

func (rm RowsMap) MergeRowsMap(om RowsMap) (merged int)

MergeRowsMap aggregates all results of om and stores them in rm

func (RowsMap) ToRows 

func (rm RowsMap) ToRows() Rows

ToRows produces a flat list of Rows from rm. Due to randomized map access, this list will _not_ be in any particular order. Use ToRowsSorted if you rely on order instead

func (RowsMap) ToRowsSorted 

func (rm RowsMap) ToRowsSorted(order by) Rows

ToRowsSorted uses the available sorting functions for Rows to produce a sorted Rows list from rm

type SortOrder 

type SortOrder int

SortOrder indicates by what the entries are sorted. 

const (
	SortUnknown SortOrder = iota
	SortPackets
	SortTraffic
	SortTime
)

Enumeration of different sort orders

func SortOrderFromString 

func SortOrderFromString(s string) SortOrder

SortOrderFromString is the inverse operation to SortOrder.String()

func (*SortOrder) MarshalJSON 

func (s *SortOrder) MarshalJSON() ([]byte, error)

MarshalJSON implements the Marshaler interface for sort order

func (SortOrder) String 

func (s SortOrder) String() string

String implement human-readable printing of the sort order

func (*SortOrder) UnmarshalJSON 

func (s *SortOrder) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the Unmarshaler interface

type Status 

type Status struct {
	Code    types.Status `json:"code" doc:"Status code" enum:"empty,error,missing_data,ok" example:"empty"`         // Code: the status code
	Message string       `json:"message,omitempty" doc:"Optional status description" example:"no results returned"` // Message: an optional message
}

Status denotes the overall status of the result

type Summary 

type Summary struct {
	// Interfaces: the interfaces that were queried
	Interfaces Interfaces `json:"interfaces" doc:"Interfaces which were queried" example:"eth0,eth1"`
	TimeRange
	// Totals: the total traffic volume and packets observed over the queried range
	Totals types.Counters `json:"totals" doc:"Total traffic volume and packets observed over the queried time range"`
	// Timings: query runtime fields
	Timings Timings `json:"timings" doc:"Query runtime fields"`
	// Hits: how many flow records were returned in total and how many are returned in Rows
	Hits Hits `json:"hits" doc:"Flow records returned in total and records present in rows"`
	// DataAvailable: Was there any data available on disk or from a live query at all
	DataAvailable bool `json:"data_available" doc:"Was there any data available to query at all"`
	// Stats tracks interactions with the underlying DB data
	Stats *workload.Stats `json:"stats,omitempty" doc:"Stats tracks interactions with the underlying DB data"`
}

Summary stores the total traffic volume and packets observed over the queried range and the interfaces that were queried

type TablePrinter 

type TablePrinter interface {
	AddRow(row Row) error
	AddRows(ctx context.Context, rows Rows) error
	Footer(ctx context.Context, result *Result) error
	Print(result *Result) error
}

TablePrinter provides an interface for printing output tables in various formats, e.g. JSON, CSV, and nicely aligned human readable text.

You will typically want to call AddRow() for each entry you want to print (in order). When you've added all rows, you can add a footer or summary with Footer. Not all implementations use all the arguments provided to Footer(). Lastly, you should call Print() to make sure that all data is printed.

Note that some impementations may start printing data before you call Print().

func NewTablePrinter 

func NewTablePrinter(output io.Writer, cfg *PrinterConfig) (TablePrinter, error)

NewTablePrinter instantiates a new table printer

type TextFormatter 

type TextFormatter struct{}

TextFormatter table formats goProbe flows (goQuery's default)

func NewTextFormatter 

func NewTextFormatter() TextFormatter

NewTextFormatter returns a new TextFormatter

func (TextFormatter) Count 

func (TextFormatter) Count(val uint64) string

Count prints val in concise human-readable form (e.g. 1 K instead of 1000)

func (TextFormatter) Duration 

func (TextFormatter) Duration(d time.Duration) string

Duration prints out d in a human-readable duration format

func (TextFormatter) Float 

func (TextFormatter) Float(f float64) string

Float prints f rounded to two decimals

func (TextFormatter) Size 

func (TextFormatter) Size(size uint64) string

Size prints out size in a human-readable format (e.g. 10 MB)

func (TextFormatter) String 

func (TextFormatter) String(s string) string

String returns s

func (TextFormatter) Time 

func (TextFormatter) Time(epoch int64) string

Time formats epoch to "06-01-02 15:04:05"

type TextTablePrinter 

type TextTablePrinter struct {
	// contains filtered or unexported fields
}

TextTablePrinter pretty prints all flows

func NewTextTablePrinter 

func NewTextTablePrinter(b basePrinter, numFlows int, resolveTimeout time.Duration, printQueryStats bool) *TextTablePrinter

NewTextTablePrinter creates a new table printer

func (*TextTablePrinter) AddRow 

func (t *TextTablePrinter) AddRow(row Row) error

AddRow adds a flow entry to the table printer

func (*TextTablePrinter) AddRows 

func (t *TextTablePrinter) AddRows(ctx context.Context, rows Rows) error

AddRows adds several flow entries to the table printer

func (*TextTablePrinter) Footer 

func (t *TextTablePrinter) Footer(ctx context.Context, result *Result) error

Footer appends the summary to the table printer

func (*TextTablePrinter) Print 

func (t *TextTablePrinter) Print(result *Result) error

Print flushes the table printer and outputs all entries to stdout

func (*TextTablePrinter) PrintDetailedSummary 

func (t *TextTablePrinter) PrintDetailedSummary(result *Result) error

PrintDetailedSummary prints additional details in the summary, such as the full interface list or all host statuses

type TimeRange 

type TimeRange struct {
	// First is the start of the interval
	First time.Time `json:"time_first" doc:"Start of the queried interval" example:"2020-08-12T09:47:00+02:00"`
	// Last is the end of the interval
	Last time.Time `json:"time_last" doc:"End of the queried interval" example:"2024-04-12T09:47:00+02:00"`
}

TimeRange describes the interval for which data is queried and presented

func (TimeRange) PrintFooter 

func (tr TimeRange) PrintFooter(fw *FooterTabwriter) error

PrintFooter prints the timespan and duration covered

type Timings 

type Timings struct {
	// QueryStart: the time when the query started
	QueryStart time.Time `json:"query_start" doc:"Query start time"`
	// QueryDuration: the time it took to run the query in nanoseconds
	QueryDuration time.Duration `json:"query_duration_ns" doc:"Query runtime in nanoseconds" example:"235000000"`
	// ResolutionDuration: the time it took to resolve all IPs in nanoseconds
	ResolutionDuration time.Duration `json:"resolution,omitempty" doc:"DNS resolution time for all IPs in nanoseconds" example:"515000000"`
}

Timings summarizes query runtimes

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.