Documentation ¶
Index ¶
- Variables
- func ConvertNetFlowDataSet(flowMessage *ProtoProducerMessage, version uint16, baseTime uint32, ...) error
- func ConvertNetFlowLegacyRecord(flowMessage *ProtoProducerMessage, baseTime uint64, uptime uint32, ...)
- func CreateProtoProducer(cfg ProtoProducerConfig, samplingRateSystem func() SamplingRateSystem) (producer.ProducerInterface, error)
- func DateTimeNanoRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func DateTimeRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func DecodeNumber(b []byte, out interface{}) error
- func DecodeNumberLE(b []byte, out interface{}) error
- func DecodeUNumber(b []byte, out interface{}) error
- func DecodeUNumberLE(b []byte, out interface{}) error
- func EtypeRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func ExtractTag(name, original string, tag reflect.StructTag) string
- func GetBytes(d []byte, offset, length int, shift bool) []byte
- func GetSFlowFlowSamples(packet *sflow.Packet) []interface{}
- func ICMPRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func IPRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func IcmpCodeType(proto, icmpCode, icmpType uint32) string
- func IsInt(k reflect.Kind) bool
- func IsUInt(k reflect.Kind) bool
- func MacRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func MapCustom(flowMessage *ProtoProducerMessage, v []byte, cfg MappableField) error
- func MapCustomNetFlow(flowMessage *ProtoProducerMessage, df netflow.DataField, mapper TemplateMapper) error
- func NetFlowLookFor(dataFields []netflow.DataField, typeId uint16) (bool, interface{})
- func NetFlowPopulate(dataFields []netflow.DataField, typeId uint16, addr interface{}) (bool, error)
- func NetworkRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func NilRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func ParsePacket(flowMessage ProtoProducerMessageIf, data []byte, config PacketLayerMapper, ...) (err error)
- func ParseSampledHeader(flowMessage *ProtoProducerMessage, sampledHeader *sflow.SampledHeader) error
- func ParseSampledHeaderConfig(flowMessage *ProtoProducerMessage, sampledHeader *sflow.SampledHeader, ...) error
- func ProcessMessageIPFIXConfig(packet *netflow.IPFIXPacket, samplingRateSys SamplingRateSystem, ...) (flowMessageSet []producer.ProducerMessage, err error)
- func ProcessMessageNetFlowLegacy(packet *netflowlegacy.PacketNetFlowV5) ([]producer.ProducerMessage, error)
- func ProcessMessageNetFlowV9Config(packet *netflow.NFv9Packet, samplingRateSys SamplingRateSystem, ...) (flowMessageSet []producer.ProducerMessage, err error)
- func ProcessMessageSFlowConfig(packet *sflow.Packet, config ProtoProducerConfig) (flowMessageSet []producer.ProducerMessage, err error)
- func ProtoName(protoNumber uint32) string
- func ProtoRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func RenderIP(addr []byte) string
- func SearchNetFlowDataSets(version uint16, baseTime uint32, uptime uint32, ...) (flowMessageSet []producer.ProducerMessage, err error)
- func SearchNetFlowDataSetsRecords(version uint16, baseTime uint32, uptime uint32, ...) (flowMessageSet []producer.ProducerMessage, err error)
- func SearchNetFlowLegacyRecords(baseTime uint64, uptime uint32, dataRecords []netflowlegacy.RecordsNetFlowV5) (flowMessageSet []producer.ProducerMessage)
- func SearchNetFlowOptionDataSets(dataFlowSet []netflow.OptionsDataFlowSet) (samplingRate uint32, found bool, err error)
- func SearchSFlowSampleConfig(flowMessage *ProtoProducerMessage, flowSample interface{}, config PacketMapper) error
- func SearchSFlowSamplesConfig(samples []interface{}, config PacketMapper) (flowMessageSet []producer.ProducerMessage, err error)
- func SplitIPFIXSets(packetIPFIX netflow.IPFIXPacket) ([]netflow.DataFlowSet, []netflow.TemplateFlowSet, ...)
- func SplitNetFlowSets(packetNFv9 netflow.NFv9Packet) ([]netflow.DataFlowSet, []netflow.TemplateFlowSet, ...)
- func StringRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
- func WriteDecoded(o int64, out interface{}) error
- func WriteUDecoded(o uint64, out interface{}) error
- type BaseParserEnvironment
- func (e *BaseParserEnvironment) GetParser(name string) (info ParserInfo, ok bool)
- func (e *BaseParserEnvironment) NextParserEtype(etherType []byte) (ParserInfo, error)
- func (e *BaseParserEnvironment) NextParserPort(proto string, srcPort, dstPort uint16) (ParserInfo, error)
- func (e *BaseParserEnvironment) NextParserProto(proto byte) (ParserInfo, error)
- func (e *BaseParserEnvironment) ParsePacket(flowMessage ProtoProducerMessageIf, data []byte) (err error)
- func (e *BaseParserEnvironment) RegisterEtype(eType uint16, parser ParserInfo) error
- func (e *BaseParserEnvironment) RegisterPort(proto string, dir RegPortDir, port uint16, parser ParserInfo) error
- func (e *BaseParserEnvironment) RegisterProto(proto byte, parser ParserInfo) error
- type DataMap
- type DataMapLayer
- type EndianType
- type FormatterConfig
- type FormatterConfigMapper
- func (f *FormatterConfigMapper) Fields() []string
- func (f *FormatterConfigMapper) IsArray(name string) bool
- func (f *FormatterConfigMapper) Keys() []string
- func (f *FormatterConfigMapper) NumToProtobuf(num int32) (ProtobufFormatterConfig, bool)
- func (f *FormatterConfigMapper) Remap(name string) (string, bool)
- func (f *FormatterConfigMapper) Rename(name string) (string, bool)
- func (f *FormatterConfigMapper) Render(name string) (RenderFunc, bool)
- type FormatterMapper
- type IPFIXProducerConfig
- type MapConfigBase
- type MapLayerIterator
- type MappableByteField
- type MappableField
- type NetFlowMapField
- type NetFlowMapper
- type NetFlowV9ProducerConfig
- type PacketLayerMapper
- type PacketMapper
- type ParseConfig
- type ParseResult
- func Parse8021Q(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseEthernet(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseGRE(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseGeneve(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseICMP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseICMPv6(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseIPv4(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseIPv6(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseIPv6HeaderFragment(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseIPv6HeaderRouting(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseMPLS(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseTCP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseTeredoDst(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- func ParseUDP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
- type Parser
- type ParserEnvironment
- type ParserInfo
- type ProducerConfig
- type ProtoProducer
- type ProtoProducerConfig
- type ProtoProducerMessage
- func (m *ProtoProducerMessage) AddLayer(name string) (ok bool)
- func (m *ProtoProducerMessage) FormatMessageReflectCustom(ext, quotes, sep, sign string, null bool) string
- func (m *ProtoProducerMessage) FormatMessageReflectJSON(ext string) string
- func (m *ProtoProducerMessage) FormatMessageReflectText(ext string) string
- func (m *ProtoProducerMessage) GetFlowMessage() *ProtoProducerMessage
- func (m *ProtoProducerMessage) Key() []byte
- func (m *ProtoProducerMessage) MapCustom(key string, v []byte, cfg MappableField) error
- func (m *ProtoProducerMessage) MarshalBinary() ([]byte, error)
- func (m *ProtoProducerMessage) MarshalJSON() ([]byte, error)
- func (m *ProtoProducerMessage) MarshalText() ([]byte, error)
- type ProtoProducerMessageIf
- type ProtoType
- type ProtobufFormatterConfig
- type RegPortDir
- type RenderFunc
- type RendererID
- type SFlowMapField
- type SFlowMapper
- type SFlowProducerConfig
- type SFlowProtocolParse
- type SamplingRateSystem
- type SingleSamplingRateSystem
- type TemplateMapper
Constants ¶
This section is empty.
Variables ¶
// Accepted values for EndianType and ProtoType, and the table that resolves a
// type name string to a ProtoType.
var (
	BigEndian    EndianType = "big"
	LittleEndian EndianType = "little"

	ProtoString ProtoType = "string"
	ProtoVarint ProtoType = "varint"

	// ProtoTypeMap is keyed by type name. Note that "bytes" resolves to
	// ProtoString; the table has no separate bytes type.
	ProtoTypeMap = map[string]ProtoType{
		string(ProtoString): ProtoString,
		string(ProtoVarint): ProtoVarint,
		"bytes":             ProtoString,
	}
)
var (
	// Values of RegPortDir, the direction argument taken by RegisterPort.
	PortDirSrc  RegPortDir = "src"
	PortDirDst  RegPortDir = "dst"
	PortDirBoth RegPortDir = "both"

	// DefaultEnvironment is a package-level *BaseParserEnvironment.
	// NOTE(review): as an exported mutable variable, any registration made on
	// it is presumably visible to every user of the default environment;
	// whether the Register* methods are safe for concurrent use is not stated
	// here — confirm before registering parsers after startup.
	DefaultEnvironment *BaseParserEnvironment
)
Functions ¶
func ConvertNetFlowDataSet ¶
func ConvertNetFlowDataSet(flowMessage *ProtoProducerMessage, version uint16, baseTime uint32, uptime uint32, record []netflow.DataField, mapperNetFlow TemplateMapper, mapperSFlow PacketMapper) error
func ConvertNetFlowLegacyRecord ¶
func ConvertNetFlowLegacyRecord(flowMessage *ProtoProducerMessage, baseTime uint64, uptime uint32, record netflowlegacy.RecordsNetFlowV5)
func CreateProtoProducer ¶
func CreateProtoProducer(cfg ProtoProducerConfig, samplingRateSystem func() SamplingRateSystem) (producer.ProducerInterface, error)
func DateTimeNanoRenderer ¶ added in v2.1.0
func DateTimeNanoRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func DateTimeRenderer ¶ added in v2.1.0
func DateTimeRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func DecodeNumber ¶
func DecodeNumberLE ¶
func DecodeUNumber ¶
func DecodeUNumberLE ¶
func EtypeRenderer ¶
func EtypeRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func GetSFlowFlowSamples ¶
func ICMPRenderer ¶
func ICMPRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func IPRenderer ¶
func IPRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func IcmpCodeType ¶
func MacRenderer ¶
func MacRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func MapCustom ¶
func MapCustom(flowMessage *ProtoProducerMessage, v []byte, cfg MappableField) error
func MapCustomNetFlow ¶
func MapCustomNetFlow(flowMessage *ProtoProducerMessage, df netflow.DataField, mapper TemplateMapper) error
func NetFlowLookFor ¶
func NetFlowPopulate ¶
func NetworkRenderer ¶
func NetworkRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func NilRenderer ¶
func NilRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func ParsePacket ¶ added in v2.2.0
func ParsePacket(flowMessage ProtoProducerMessageIf, data []byte, config PacketLayerMapper, pe ParserEnvironment) (err error)
func ParseSampledHeader ¶
func ParseSampledHeader(flowMessage *ProtoProducerMessage, sampledHeader *sflow.SampledHeader) error
func ParseSampledHeaderConfig ¶
func ParseSampledHeaderConfig(flowMessage *ProtoProducerMessage, sampledHeader *sflow.SampledHeader, config PacketMapper) error
func ProcessMessageIPFIXConfig ¶
func ProcessMessageIPFIXConfig(packet *netflow.IPFIXPacket, samplingRateSys SamplingRateSystem, config ProtoProducerConfig) (flowMessageSet []producer.ProducerMessage, err error)
Converts a NetFlow data structure to a FlowMessage protobuf. Does not set the sampling rate.
func ProcessMessageNetFlowLegacy ¶
func ProcessMessageNetFlowLegacy(packet *netflowlegacy.PacketNetFlowV5) ([]producer.ProducerMessage, error)
func ProcessMessageNetFlowV9Config ¶
func ProcessMessageNetFlowV9Config(packet *netflow.NFv9Packet, samplingRateSys SamplingRateSystem, config ProtoProducerConfig) (flowMessageSet []producer.ProducerMessage, err error)
Converts a NetFlow data structure to a FlowMessage protobuf. Does not set the sampling rate.
func ProcessMessageSFlowConfig ¶
func ProcessMessageSFlowConfig(packet *sflow.Packet, config ProtoProducerConfig) (flowMessageSet []producer.ProducerMessage, err error)
Converts an sFlow message
func ProtoRenderer ¶
func ProtoRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func SearchNetFlowDataSets ¶
func SearchNetFlowDataSets(version uint16, baseTime uint32, uptime uint32, dataFlowSet []netflow.DataFlowSet, mapperNetFlow TemplateMapper, mapperSFlow PacketMapper) (flowMessageSet []producer.ProducerMessage, err error)
func SearchNetFlowDataSetsRecords ¶
func SearchNetFlowDataSetsRecords(version uint16, baseTime uint32, uptime uint32, dataRecords []netflow.DataRecord, mapperNetFlow TemplateMapper, mapperSFlow PacketMapper) (flowMessageSet []producer.ProducerMessage, err error)
func SearchNetFlowLegacyRecords ¶
func SearchNetFlowLegacyRecords(baseTime uint64, uptime uint32, dataRecords []netflowlegacy.RecordsNetFlowV5) (flowMessageSet []producer.ProducerMessage)
func SearchNetFlowOptionDataSets ¶
func SearchNetFlowOptionDataSets(dataFlowSet []netflow.OptionsDataFlowSet) (samplingRate uint32, found bool, err error)
func SearchSFlowSampleConfig ¶
func SearchSFlowSampleConfig(flowMessage *ProtoProducerMessage, flowSample interface{}, config PacketMapper) error
func SearchSFlowSamplesConfig ¶
func SearchSFlowSamplesConfig(samples []interface{}, config PacketMapper) (flowMessageSet []producer.ProducerMessage, err error)
func SplitIPFIXSets ¶
func SplitIPFIXSets(packetIPFIX netflow.IPFIXPacket) ([]netflow.DataFlowSet, []netflow.TemplateFlowSet, []netflow.IPFIXOptionsTemplateFlowSet, []netflow.OptionsDataFlowSet)
func SplitNetFlowSets ¶
func SplitNetFlowSets(packetNFv9 netflow.NFv9Packet) ([]netflow.DataFlowSet, []netflow.TemplateFlowSet, []netflow.NFv9OptionsTemplateFlowSet, []netflow.OptionsDataFlowSet)
func StringRenderer ¶ added in v2.1.2
func StringRenderer(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
func WriteDecoded ¶
func WriteUDecoded ¶
Types ¶
type BaseParserEnvironment ¶ added in v2.2.0
type BaseParserEnvironment struct {
// contains filtered or unexported fields
}
func NewBaseParserEnvironment ¶ added in v2.2.0
func NewBaseParserEnvironment() *BaseParserEnvironment
func (*BaseParserEnvironment) GetParser ¶ added in v2.2.0
func (e *BaseParserEnvironment) GetParser(name string) (info ParserInfo, ok bool)
GetParser returns a parser by name
func (*BaseParserEnvironment) NextParserEtype ¶ added in v2.2.0
func (e *BaseParserEnvironment) NextParserEtype(etherType []byte) (ParserInfo, error)
func (*BaseParserEnvironment) NextParserPort ¶ added in v2.2.0
func (e *BaseParserEnvironment) NextParserPort(proto string, srcPort, dstPort uint16) (ParserInfo, error)
func (*BaseParserEnvironment) NextParserProto ¶ added in v2.2.0
func (e *BaseParserEnvironment) NextParserProto(proto byte) (ParserInfo, error)
func (*BaseParserEnvironment) ParsePacket ¶ added in v2.2.0
func (e *BaseParserEnvironment) ParsePacket(flowMessage ProtoProducerMessageIf, data []byte) (err error)
func (*BaseParserEnvironment) RegisterEtype ¶ added in v2.2.0
func (e *BaseParserEnvironment) RegisterEtype(eType uint16, parser ParserInfo) error
RegisterEtype adds or replaces a parser used when decoding a protocol on top of layer 2 (e.g. Ethernet).
func (*BaseParserEnvironment) RegisterPort ¶ added in v2.2.0
func (e *BaseParserEnvironment) RegisterPort(proto string, dir RegPortDir, port uint16, parser ParserInfo) error
RegisterPort adds or replaces a parser used when decoding a protocol on top of layer 4 (e.g. UDP). Port is used for source and destination.
func (*BaseParserEnvironment) RegisterProto ¶ added in v2.2.0
func (e *BaseParserEnvironment) RegisterProto(proto byte, parser ParserInfo) error
RegisterProto adds or replaces a parser used when decoding a protocol on top of layer 3 (e.g. IP).
type DataMap ¶
type DataMap struct {
MapConfigBase
}
type DataMapLayer ¶
// DataMapLayer embeds MapConfigBase and adds Offset, Length and Encapsulated
// for packet mapping.
type DataMapLayer struct {
	MapConfigBase
	// NOTE(review): Offset and Length presumably locate the field inside a
	// layer of captured packet data. Their units and how they are checked
	// against the actual data length are not shown here — confirm in the code
	// that consumes them.
	Offset       int
	Length       int
	Encapsulated bool
}
Extended structure for packet mapping
func (*DataMapLayer) GetLength ¶ added in v2.2.0
func (c *DataMapLayer) GetLength() int
func (*DataMapLayer) GetOffset ¶ added in v2.2.0
func (c *DataMapLayer) GetOffset() int
func (*DataMapLayer) IsEncapsulated ¶ added in v2.2.0
func (c *DataMapLayer) IsEncapsulated() bool
type EndianType ¶
type EndianType string
type FormatterConfig ¶
// FormatterConfig carries the formatter settings; the struct tags give the
// YAML key for each field.
type FormatterConfig struct {
	Fields []string `yaml:"fields"`
	Key    []string `yaml:"key"`
	// Render values are RendererID strings (for example "ip" or "mac").
	Render   map[string]RendererID     `yaml:"render"`
	Rename   map[string]string         `yaml:"rename"`
	Protobuf []ProtobufFormatterConfig `yaml:"protobuf"`
}
type FormatterConfigMapper ¶
type FormatterConfigMapper struct {
// contains filtered or unexported fields
}
func (*FormatterConfigMapper) Fields ¶ added in v2.2.0
func (f *FormatterConfigMapper) Fields() []string
func (*FormatterConfigMapper) IsArray ¶ added in v2.2.0
func (f *FormatterConfigMapper) IsArray(name string) bool
func (*FormatterConfigMapper) Keys ¶ added in v2.2.0
func (f *FormatterConfigMapper) Keys() []string
func (*FormatterConfigMapper) NumToProtobuf ¶ added in v2.2.0
func (f *FormatterConfigMapper) NumToProtobuf(num int32) (ProtobufFormatterConfig, bool)
func (*FormatterConfigMapper) Remap ¶ added in v2.2.0
func (f *FormatterConfigMapper) Remap(name string) (string, bool)
func (*FormatterConfigMapper) Rename ¶ added in v2.2.0
func (f *FormatterConfigMapper) Rename(name string) (string, bool)
func (*FormatterConfigMapper) Render ¶ added in v2.2.0
func (f *FormatterConfigMapper) Render(name string) (RenderFunc, bool)
type FormatterMapper ¶ added in v2.2.0
// FormatterMapper exposes the configuration for the textual formatting of the
// protobuf messages. *FormatterConfigMapper declares methods with these
// signatures.
type FormatterMapper interface {
	Keys() []string
	Fields() []string
	// The lookups below return a second bool result, presumably reporting
	// whether an entry exists for the argument — confirm.
	Rename(name string) (string, bool)
	Remap(name string) (string, bool)
	Render(name string) (RenderFunc, bool)
	NumToProtobuf(num int32) (ProtobufFormatterConfig, bool)
	IsArray(name string) bool
}
FormatterMapper returns the configuration statements for the textual formatting of the protobuf messages
type IPFIXProducerConfig ¶
type IPFIXProducerConfig struct {
Mapping []NetFlowMapField `yaml:"mapping"`
}
type MapConfigBase ¶
// MapConfigBase helps the MapCustom functions populate the protobuf data.
type MapConfigBase struct {
	// Destination is used when the field exists inside the protobuf; it also
	// serves as the field name when rendering as text.
	Destination string
	Endianness  EndianType

	// The following fields are used for mapping when the destination field
	// does not exist inside the protobuf.
	ProtoIndex int32
	ProtoType  ProtoType
	ProtoArray bool
}
Structure to help the MapCustom functions populate the protobuf data
func (*MapConfigBase) GetDestination ¶ added in v2.2.0
func (c *MapConfigBase) GetDestination() string
func (*MapConfigBase) GetEndianness ¶ added in v2.2.0
func (c *MapConfigBase) GetEndianness() EndianType
func (*MapConfigBase) GetProtoIndex ¶ added in v2.2.0
func (c *MapConfigBase) GetProtoIndex() int32
func (*MapConfigBase) GetProtoType ¶ added in v2.2.0
func (c *MapConfigBase) GetProtoType() ProtoType
func (*MapConfigBase) IsArray ¶ added in v2.2.0
func (c *MapConfigBase) IsArray() bool
type MapLayerIterator ¶ added in v2.2.0
// MapLayerIterator hands out mapping information one entry at a time.
type MapLayerIterator interface {
	// Next returns the next MappableByteField. The packet parser calls it
	// repeatedly until it returns nil.
	Next() MappableByteField
}
MapLayerIterator is the interface to obtain subsequent mapping information
type MappableByteField ¶ added in v2.2.0
// MappableByteField embeds MappableField and adds the accessors used for
// direct packet parsing. *DataMapLayer declares GetOffset, GetLength and
// IsEncapsulated with these signatures.
type MappableByteField interface {
	MappableField
	GetOffset() int
	GetLength() int
	IsEncapsulated() bool
}
MappableByteField is the interface, similar to MappableField, but for direct packet parsing. Provided by PacketMapper.
type MappableField ¶ added in v2.2.0
// MappableField describes how one field of a flow maps to a protobuf field.
// *MapConfigBase declares methods with these signatures.
type MappableField interface {
	GetEndianness() EndianType
	GetDestination() string
	GetProtoIndex() int32
	GetProtoType() ProtoType
	IsArray() bool
}
MappableField is the interface that allows a flow's field to be mapped to a specific protobuf field. Provided by Template Mapper's function.
type NetFlowMapField ¶
// NetFlowMapField is one entry of the Mapping list in IPFIXProducerConfig and
// NetFlowV9ProducerConfig; the struct tags give the YAML key for each field.
type NetFlowMapField struct {
	PenProvided bool `yaml:"penprovided"`
	// Type is read from the YAML key "field", not "type".
	Type uint16 `yaml:"field"`
	// NOTE(review): Pen is presumably the enterprise number that goes with
	// PenProvided — confirm.
	Pen         uint32 `yaml:"pen"`
	Destination string `yaml:"destination"`
	// Endian is read from the YAML key "endianness".
	Endian EndianType `yaml:"endianness"`
}
type NetFlowMapper ¶
type NetFlowMapper struct {
// contains filtered or unexported fields
}
func (*NetFlowMapper) Map ¶
func (m *NetFlowMapper) Map(field netflow.DataField) (MappableField, bool)
type NetFlowV9ProducerConfig ¶
type NetFlowV9ProducerConfig struct {
Mapping []NetFlowMapField `yaml:"mapping"`
}
type PacketLayerMapper ¶ added in v2.2.0
type PacketLayerMapper interface {
Map(layer string) MapLayerIterator // returns an iterator to avoid handling arrays
}
PacketLayerMapper is the interface to obtain the mapping information for a layer of a packet
type PacketMapper ¶ added in v2.2.0
type PacketMapper interface {
ParsePacket(flowMessage ProtoProducerMessageIf, data []byte) (err error)
}
PacketMapper is the interface to parse a packet into a flow message
type ParseConfig ¶ added in v2.2.0
// ParseConfig stores information about the current state of parsing. It is
// passed by value to each Parser.
//
// NOTE(review): Layer, Calls and LayerCall count how far parsing has
// progressed. Whether a maximum depth is enforced for nested or encapsulated
// layers is not shown here — confirm, since the chain of layers is presumably
// driven by the packet contents.
type ParseConfig struct {
	Environment  ParserEnvironment // parser configuration to customize chained calls
	Layer        int               // absolute index of the layer
	Calls        int               // number of times the function was called (using parser index)
	LayerCall    int               // number of times a function in a layer (eg: Transport) was called (using layer index)
	Encapsulated bool              // indicates if outside the typical mac-network-transport
}
Stores information about the current state of parsing
func (*ParseConfig) BaseLayer ¶ added in v2.2.0
func (c *ParseConfig) BaseLayer() bool
BaseLayer indicates if the parser should map to the top-level fields of the protobuf
type ParseResult ¶ added in v2.2.0
// ParseResult is what a Parser returns alongside its error: the parser to call
// next and the size of the layer.
type ParseResult struct {
	NextParser ParserInfo // Next parser to be called
	// Size of the layer.
	// NOTE(review): presumably the caller advances through data by this
	// amount; whether it is validated against the remaining length is not
	// shown here — confirm.
	Size int
}
ParseResult contains information about the next parser to call and the size of the parsed layer.
func Parse8021Q ¶ added in v2.1.0
func Parse8021Q(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseEthernet ¶ added in v2.1.0
func ParseEthernet(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseGRE ¶ added in v2.2.0
func ParseGRE(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseGeneve ¶ added in v2.2.0
func ParseGeneve(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseICMP ¶ added in v2.1.0
func ParseICMP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseICMPv6 ¶ added in v2.1.0
func ParseICMPv6(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseIPv4 ¶ added in v2.1.0
func ParseIPv4(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseIPv6 ¶ added in v2.1.0
func ParseIPv6(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseIPv6HeaderFragment ¶ added in v2.2.0
func ParseIPv6HeaderFragment(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseIPv6HeaderRouting ¶ added in v2.2.0
func ParseIPv6HeaderRouting(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseMPLS ¶ added in v2.1.0
func ParseMPLS(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseTCP ¶ added in v2.1.0
func ParseTCP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseTeredoDst ¶ added in v2.2.0
func ParseTeredoDst(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
func ParseUDP ¶ added in v2.1.0
func ParseUDP(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
type Parser ¶ added in v2.2.0
// Parser is the signature shared by the Parse* layer functions (ParseEthernet,
// ParseIPv4, ParseTCP, ...): it receives the message to populate, the bytes of
// the layer, and the current ParseConfig, and returns a ParseResult.
//
// NOTE(review): data presumably comes from sampled packet headers received
// from exporters, so an implementation should treat it as untrusted and check
// len(data) before indexing — confirm for any custom parser.
type Parser func(flowMessage *ProtoProducerMessage, data []byte, pc ParseConfig) (res ParseResult, err error)
Parser is a function that maps various items of a layer to a ProtoProducerMessage
type ParserEnvironment ¶ added in v2.2.0
// ParserEnvironment returns the ParserInfo for the next layer, looked up by
// EtherType bytes, by protocol byte, or by protocol name with source and
// destination ports. *BaseParserEnvironment declares methods with these
// signatures.
type ParserEnvironment interface {
	// NOTE(review): etherType is a []byte of undocumented length — confirm
	// that implementations check it before indexing.
	NextParserEtype(etherType []byte) (ParserInfo, error)
	NextParserProto(proto byte) (ParserInfo, error)
	NextParserPort(proto string, srcPort, dstPort uint16) (ParserInfo, error)
}
type ParserInfo ¶ added in v2.2.0
type ProducerConfig ¶
// ProducerConfig groups the formatter and per-protocol settings; the struct
// tags give the YAML key for each section. Its Compile method returns a
// ProtoProducerConfig and an error.
type ProducerConfig struct {
	Formatter FormatterConfig         `yaml:"formatter"`
	IPFIX     IPFIXProducerConfig     `yaml:"ipfix"`
	NetFlowV9 NetFlowV9ProducerConfig `yaml:"netflowv9"`
	SFlow     SFlowProducerConfig     `yaml:"sflow"` // also used for IPFIX data frames
}
func (*ProducerConfig) Compile ¶ added in v2.2.0
func (c *ProducerConfig) Compile() (ProtoProducerConfig, error)
type ProtoProducer ¶
type ProtoProducer struct {
// contains filtered or unexported fields
}
func (*ProtoProducer) Close ¶
func (p *ProtoProducer) Close()
func (*ProtoProducer) Commit ¶
func (p *ProtoProducer) Commit(flowMessageSet []producer.ProducerMessage)
func (*ProtoProducer) Produce ¶
func (p *ProtoProducer) Produce(msg interface{}, args *producer.ProduceArgs) (flowMessageSet []producer.ProducerMessage, err error)
type ProtoProducerConfig ¶ added in v2.2.0
// ProtoProducerConfig is the top-level configuration for a general
// flow-to-protobuf producer. It hands out the formatter, the IPFIX and
// NetFlow template mappers, and the packet mapper.
type ProtoProducerConfig interface {
	GetFormatter() FormatterMapper
	GetIPFIXMapper() TemplateMapper
	GetNetFlowMapper() TemplateMapper
	GetPacketMapper() PacketMapper
}
ProtoProducerConfig is the top level configuration for a general flow to protobuf producer
type ProtoProducerMessage ¶
// ProtoProducerMessage embeds flowmessage.FlowMessage, so the FlowMessage
// fields are accessible directly on it.
type ProtoProducerMessage struct {
	flowmessage.FlowMessage
	// contains filtered or unexported fields
}
func (*ProtoProducerMessage) AddLayer ¶ added in v2.2.0
func (m *ProtoProducerMessage) AddLayer(name string) (ok bool)
func (*ProtoProducerMessage) FormatMessageReflectCustom ¶
func (m *ProtoProducerMessage) FormatMessageReflectCustom(ext, quotes, sep, sign string, null bool) string
func (*ProtoProducerMessage) FormatMessageReflectJSON ¶
func (m *ProtoProducerMessage) FormatMessageReflectJSON(ext string) string
func (*ProtoProducerMessage) FormatMessageReflectText ¶
func (m *ProtoProducerMessage) FormatMessageReflectText(ext string) string
func (*ProtoProducerMessage) GetFlowMessage ¶ added in v2.2.0
func (m *ProtoProducerMessage) GetFlowMessage() *ProtoProducerMessage
func (*ProtoProducerMessage) Key ¶
func (m *ProtoProducerMessage) Key() []byte
func (*ProtoProducerMessage) MapCustom ¶ added in v2.2.0
func (m *ProtoProducerMessage) MapCustom(key string, v []byte, cfg MappableField) error
func (*ProtoProducerMessage) MarshalBinary ¶
func (m *ProtoProducerMessage) MarshalBinary() ([]byte, error)
func (*ProtoProducerMessage) MarshalJSON ¶
func (m *ProtoProducerMessage) MarshalJSON() ([]byte, error)
func (*ProtoProducerMessage) MarshalText ¶
func (m *ProtoProducerMessage) MarshalText() ([]byte, error)
type ProtoProducerMessageIf ¶ added in v2.2.0
// ProtoProducerMessageIf is the interface to a flow message, used by parsers
// and tests. *ProtoProducerMessage declares methods with these signatures.
type ProtoProducerMessageIf interface {
	GetFlowMessage() *ProtoProducerMessage                   // access the underlying structure
	MapCustom(key string, v []byte, cfg MappableField) error // inject custom field
}
ProtoProducerMessageIf is the interface to a flow message, used by parsers and tests.
type ProtobufFormatterConfig ¶
type RegPortDir ¶ added in v2.2.0
type RegPortDir string
type RenderFunc ¶
type RenderFunc func(msg *ProtoProducerMessage, fieldName string, data interface{}) interface{}
type RendererID ¶
type RendererID string
// Values of RendererID. FormatterConfig.Render is a map whose values have this
// type, so these are presumably the strings accepted under the "render" YAML
// key — confirm.
const (
	RendererNone         RendererID = "none"
	RendererIP           RendererID = "ip"
	RendererMac          RendererID = "mac"
	RendererEtype        RendererID = "etype"
	RendererProto        RendererID = "proto"
	RendererType         RendererID = "type"
	RendererNetwork      RendererID = "network"
	RendererDateTime     RendererID = "datetime"
	RendererDateTimeNano RendererID = "datetimenano"
	RendererString       RendererID = "string"
)
type SFlowMapField ¶
type SFlowMapper ¶
type SFlowMapper struct {
// contains filtered or unexported fields
}
func (*SFlowMapper) Map ¶ added in v2.2.0
func (m *SFlowMapper) Map(layer string) MapLayerIterator
func (*SFlowMapper) ParsePacket ¶ added in v2.2.0
func (m *SFlowMapper) ParsePacket(flowMessage ProtoProducerMessageIf, data []byte) (err error)
type SFlowProducerConfig ¶
// SFlowProducerConfig holds the sFlow field mappings and the port-to-parser
// entries; the struct tags give the YAML key for each list.
type SFlowProducerConfig struct {
	Mapping []SFlowMapField      `yaml:"mapping"`
	Ports   []SFlowProtocolParse `yaml:"ports"`
}
type SFlowProtocolParse ¶ added in v2.2.0
// SFlowProtocolParse is one entry of SFlowProducerConfig.Ports. Proto, Dir and
// Port have the same types as the corresponding RegisterPort parameters.
type SFlowProtocolParse struct {
	Proto string     `yaml:"proto"`
	Dir   RegPortDir `yaml:"dir"`
	Port  uint16     `yaml:"port"`
	// NOTE(review): Parser is a name, presumably resolved with GetParser;
	// what happens with an unknown name is not shown here — confirm.
	Parser string `yaml:"parser"`
}
type SamplingRateSystem ¶
// SamplingRateSystem stores and returns a sampling rate keyed by protocol
// version and observation domain ID.
//
// NOTE(review): the key does not include the exporter address. Stored rates
// presumably come from option data in received packets, so confirm that each
// exporter gets its own instance (CreateProtoProducer takes a factory
// function) rather than sharing one across sources.
type SamplingRateSystem interface {
	GetSamplingRate(version uint16, obsDomainId uint32) (uint32, error)
	AddSamplingRate(version uint16, obsDomainId uint32, samplingRate uint32)
}
func CreateSamplingSystem ¶
func CreateSamplingSystem() SamplingRateSystem
type SingleSamplingRateSystem ¶
type SingleSamplingRateSystem struct {
Sampling uint32
}
func (*SingleSamplingRateSystem) AddSamplingRate ¶
func (s *SingleSamplingRateSystem) AddSamplingRate(version uint16, obsDomainId uint32, samplingRate uint32)
func (*SingleSamplingRateSystem) GetSamplingRate ¶
func (s *SingleSamplingRateSystem) GetSamplingRate(version uint16, obsDomainId uint32) (uint32, error)
type TemplateMapper ¶ added in v2.2.0
type TemplateMapper interface {
Map(field netflow.DataField) (MappableField, bool)
}
TemplateMapper is the interface that returns the mapping information for a specific type of template field.