Documentation ¶
Overview ¶
Package flowdata contains conversions for processing IPFIX flow messages as emitted by vflow.
Index ¶
Constants ¶
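// Protocol numbers recognised by this package and the display names used for
// them. The names follow the IANA "Assigned Internet Protocol Numbers"
// keywords, so the numeric values are expected to match that registry.
const (
	// ProtocolUnknown is the package's marker for an unrecognised protocol.
	// Note that 0 is itself an assigned number (HOPOPT) in the IANA registry,
	// so a flow that really carries protocol 0 is reported as "unknown".
	ProtocolUnknown = 0
	ProtocolICMP4   = 1
	ProtocolIGMP    = 2
	// ProtocolIPv4 is IPv4-in-IP encapsulation. The registry assigns 4 to the
	// "IPv4" keyword; 3 is GGP, so the former value of 3 labelled GGP traffic
	// as IPv4 and left real IP-in-IP tunnels without a name.
	ProtocolIPv4    = 4
	ProtocolTCP     = 6
	ProtocolUDP     = 17
	ProtocolIPv6    = 41
	ProtocolGRE     = 47
	ProtocolESP     = 50
	ProtocolAH      = 51
	ProtocolICMP6   = 58
	ProtocolL2TP    = 115
	ProtocolSCTP    = 132
	ProtocolUDPLite = 136
	ProtocolMPLS    = 137

	// Display names, one per protocol number above.
	ProtoNameUnknown = `unknown`
	ProtoNameICMP4   = `ICMP`
	ProtoNameIGMP    = `IGMP`
	ProtoNameIPv4    = `IPv4`
	ProtoNameTCP     = `TCP`
	ProtoNameUDP     = `UDP`
	ProtoNameIPv6    = `IPv6`
	ProtoNameGRE     = `GRE`
	ProtoNameESP     = `ESP`
	ProtoNameAH      = `AH`
	ProtoNameICMP6   = `IPv6-ICMP`
	ProtoNameL2TP    = `L2TP`
	ProtoNameSCTP    = `SCTP`
	ProtoNameUDPLite = `UDPLite`
	ProtoNameMPLS    = `MPLS-in-IP`
)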
Variables ¶
// ProtocolNameByID maps a protocol number to its display name.
//
// Only the protocols listed here have an entry. Indexing the map with any
// other number yields the empty string rather than ProtoNameUnknown, so code
// that labels flows should use the two-value lookup form and choose its own
// fallback instead of emitting a blank protocol name.
//
// NOTE(review): this is an exported, mutable package-level map; nothing in
// this declaration prevents an importer from modifying it, and concurrent
// writes would race with readers.
var ProtocolNameByID = map[uint8]string{
	ProtocolUnknown: ProtoNameUnknown,
	ProtocolICMP4:   ProtoNameICMP4,
	ProtocolIGMP:    ProtoNameIGMP,
	ProtocolIPv4:    ProtoNameIPv4,
	ProtocolTCP:     ProtoNameTCP,
	ProtocolUDP:     ProtoNameUDP,
	ProtocolIPv6:    ProtoNameIPv6,
	ProtocolGRE:     ProtoNameGRE,
	ProtocolESP:     ProtoNameESP,
	ProtocolAH:      ProtoNameAH,
	ProtocolICMP6:   ProtoNameICMP6,
	ProtocolL2TP:    ProtoNameL2TP,
	ProtocolSCTP:    ProtoNameSCTP,
	ProtocolUDPLite: ProtoNameUDPLite,
	ProtocolMPLS:    ProtoNameMPLS,
}
Functions ¶
Types ¶
type EncryptedRecord ¶
// EncryptedRecord is the exported form of an encrypted record.
type EncryptedRecord struct {
	// String fields are the ones written to JSON.
	RecordID     string `json:"RecordID"`
	SessionKeyID string `json:"keyID"` // serialized under "keyID", the same JSON name Key.ID uses
	Salt         string `json:"salt"`
	Signature    string `json:"signature"`
	Value        string `json:"value"` // per the package docs, an encrypted serialization of a plaintext struct

	// Raw* fields are skipped by encoding/json (tag "-").
	// NOTE(review): presumably the byte forms of Salt, Signature and Value
	// before text encoding; the encoding used is not visible here, so confirm.
	RawSalt      []byte `json:"-"`
	RawSignature []byte `json:"-"`
	RawValue     []byte `json:"-"`
}
EncryptedRecord is the struct for exporting encrypted data, with the value field containing an encrypted serialization of a plaintext struct
type Flags ¶
type IOC ¶
// IOC is a reduced view of a record for matching against indicators of
// compromise: one address, its IP version, the reporting agent and a time
// window.
type IOC struct {
	AgentID   string    `json:"AgentID"`
	Address   string    `json:"Address"` // NOTE(review): a single address; which side of the flow it represents is not visible here
	IPVersion uint8     `json:"IPVersion"`
	Start     time.Time `json:"DateTimeStart"` // serialized as "DateTimeStart"
	End       time.Time `json:"DateTimeEnd"`   // serialized as "DateTimeEnd"
}
IOC represents a stripped-down version of the information contained inside a record, suitable for comparing against IOCs (indicators of compromise).
type Key ¶
// Key is a session key record used to encrypt records.
//
// The struct holds two groups of fields: in-memory values that are skipped by
// encoding/json, and Export* fields that make up the serialized key file.
type Key struct {
	ID string `json:"keyID"`

	// In-memory fields, excluded from JSON by the "-" tag. The tag only
	// affects encoding/json: formatting a Key with %v/%+v, or passing it to
	// another encoder, still exposes Value, so keep Key values out of logs
	// and error messages.
	SlotMap   uint16 `json:"-"`
	Value     []byte `json:"-"`
	Salt      []byte `json:"-"`
	PublicKey []byte `json:"-"`

	// Serialized fields.
	// NOTE(review): presumably the wrapped/encoded counterparts of the
	// in-memory fields above (the JSON name "encryptedKey" suggests Value is
	// not exported in the clear); the derivation is not visible here, so
	// confirm against the code that fills them in.
	ExportSlotMap int    `json:"decryptionSlotMap"`
	ExportValue   string `json:"encryptedKey"`
	ExportSalt    string `json:"salt"`
	ExportPubKey  string `json:"publicPeerKey"`
	ExportSig     string `json:"signature"`
}
Key represents a session keyfile record used to encrypt records
func (*Key) CalculateMAC ¶
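CalculateMAC computes the Poly1305 MAC over the serialized export values. The result is a symmetric authentication tag, which this package refers to as a signature; it is not a public-key signature.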
type Message ¶
type Plaintext ¶
// Plaintext holds the fields the package treats as sensitive and encrypts:
// the record identifier and the two flow endpoints. Its JSON names match the
// corresponding fields of Record.
type Plaintext struct {
	RecordID   string `json:"RecordID"`
	SrcAddress string `json:"SrcAddress"`
	DstAddress string `json:"DstAddress"`
}
Plaintext contains the sensitive information for encryption
type Record ¶
// Record is a single flow record with its counters, endpoints, TCP flags,
// timestamps and exporter details.
//
// NOTE(review): SrcAddress and DstAddress carry ordinary JSON tags, so
// marshalling a Record directly writes both addresses in the clear, although
// Plaintext lists them as sensitive. Presumably callers clear them or export
// only the encrypted form; confirm at the call sites.
type Record struct {
	OctetCount  uint64 `json:"OctetCount"`
	PacketCount uint64 `json:"PacketCount"`
	ProtocolID  uint8  `json:"ProtocolID"`
	Protocol    string `json:"Protocol,omitempty"` // omitted from JSON when empty
	IPVersion   uint8  `json:"IPVersion"`
	SrcAddress  string `json:"SrcAddress"`
	SrcPort     uint16 `json:"SrcPort"`
	DstAddress  string `json:"DstAddress"`
	DstPort     uint16 `json:"DstPort"`

	TcpControlBits Bitmask `json:"TcpControlBits"`
	TcpFlags       Flags   `json:"TcpFlags"`

	// Interface and direction fields are skipped by encoding/json (tag "-").
	IngressIf     uint32 `json:"-"`
	EgressIf      uint32 `json:"-"`
	FlowDirection uint8  `json:"-"`

	StartMilli time.Time `json:"StartDateTimeMilli"`
	EndMilli   time.Time `json:"EndDateTimeMilli"`
	AgentID    string    `json:"AgentID"`
	RecordID   string    `json:"RecordID"`

	// Exp* fields are skipped by encoding/json (tag "-").
	// NOTE(review): the names suggest these describe the exporter; confirm.
	ExpIPv4Addr string `json:"-"`
	ExpIPv6Addr string `json:"-"`
	ExpPID      uint32 `json:"-"`
}
func (Record) ExportPlaintext ¶
ExportPlaintext returns the record's data that will become encrypted