netflow9

package
v0.0.0-...-8c13bb0

This package is not in the latest version of its module.
Published: Mar 3, 2024 License: MIT Imports: 10 Imported by: 33

Documentation

Overview

Package netflow9 implements NetFlow version 9 as specified in RFC 3954.

About

NetFlow version 9 is the IETF standard mechanism for information export.

Structure

The basic output of NetFlow is a flow record. Several different formats for flow records have evolved as NetFlow has matured. The most recent evolution of the NetFlow flow-record format is known as NetFlow version 9. The distinguishing feature of the NetFlow Version 9 format, which is the basis for an IETF standard, is that it is template-based.

Templates provide an extensible design to the record format, a feature that should allow future enhancements to NetFlow services without requiring concurrent changes to the basic flow-record format.

Constants

const (
	// Version word in the Packet Header
	Version uint16 = 0x0009
)

Variables

This section is empty.

Functions

func Dump

func Dump(p *Packet)

Types

type DataFlowSet

type DataFlowSet struct {
	Header  FlowSetHeader
	Records []DataRecord
	Bytes   []byte
}

func (*DataFlowSet) Unmarshal

func (dfs *DataFlowSet) Unmarshal(r io.Reader, template session.Template, t *Translate) error

type DataRecord

type DataRecord struct {
	TemplateID   uint16
	OptionScopes []session.OptionScope
	Fields       Fields
}

func (*DataRecord) GetFields

func (this *DataRecord) GetFields() Fields

func (*DataRecord) GetScopes

func (this *DataRecord) GetScopes() []session.OptionScope

func (*DataRecord) GetTemplateID

func (this *DataRecord) GetTemplateID() uint16

func (*DataRecord) Unmarshal

func (dr *DataRecord) Unmarshal(r io.Reader, fss []session.TemplateFieldSpecifier, t *Translate) error

type Decoder

type Decoder struct {
	io.Reader
	session.Session
	*Translate
}

Decoder can decode multiple NetFlow version 9 packets from a stream.

func NewDecoder

func NewDecoder(r io.Reader, s session.Session) *Decoder

func (*Decoder) Decode

func (d *Decoder) Decode(data []byte) (*Packet, error)

Decode decodes a single message from a buffer of bytes.

func (*Decoder) Next

func (d *Decoder) Next() (*Packet, error)

Next decodes the next message from the stream. If Next returns an error, then depending on where the error originated, the decoder's results can no longer be trusted and the stream should be reset.

type Field

type Field struct {
	Type       uint16
	Length     uint16
	Translated *TranslatedField
	Bytes      []byte
}

func (*Field) GetBytes

func (this *Field) GetBytes() []byte

func (*Field) GetLength

func (this *Field) GetLength() uint16

func (*Field) GetTranslated

func (this *Field) GetTranslated() *TranslatedField

func (*Field) GetType

func (this *Field) GetType() uint16

func (*Field) Unmarshal

func (f *Field) Unmarshal(r io.Reader) error

type FieldSpecifier

type FieldSpecifier struct {
	Type   uint16
	Length uint16
}

func (FieldSpecifier) GetLength

func (this FieldSpecifier) GetLength() uint16

func (FieldSpecifier) GetType

func (this FieldSpecifier) GetType() uint16

func (*FieldSpecifier) String

func (fs *FieldSpecifier) String() string

func (*FieldSpecifier) Unmarshal

func (f *FieldSpecifier) Unmarshal(r io.Reader) error

type FieldSpecifiers

type FieldSpecifiers []FieldSpecifier

func (FieldSpecifiers) String

func (fs FieldSpecifiers) String() string

func (*FieldSpecifiers) Unmarshal

func (fs *FieldSpecifiers) Unmarshal(r io.Reader) error

type Fields

type Fields []Field

type FlowSetHeader

type FlowSetHeader struct {
	ID     uint16
	Length uint16
}

func (*FlowSetHeader) Len

func (h *FlowSetHeader) Len() int

func (*FlowSetHeader) Unmarshal

func (h *FlowSetHeader) Unmarshal(r io.Reader) error

type OptionTemplateRecord

type OptionTemplateRecord struct {
	TemplateID    uint16
	ScopeLength   uint16
	OptionsLength uint16
	Scopes        ScopeSpecifiers
	Options       FieldSpecifiers
}

func (OptionTemplateRecord) GetFields

func (OptionTemplateRecord) ID

func (this OptionTemplateRecord) ID() uint16

func (OptionTemplateRecord) Size

func (this OptionTemplateRecord) Size() int

func (*OptionTemplateRecord) Unmarshal

func (this *OptionTemplateRecord) Unmarshal(r io.Reader) error

type OptionsTemplateFlowSet

type OptionsTemplateFlowSet struct {
	Header  FlowSetHeader
	Records []OptionTemplateRecord
	Bytes   []byte
}

OptionsTemplateRecord (and its corresponding OptionsDataRecord) is used to supply information about the NetFlow process configuration or NetFlow process specific data, rather than supplying information about IP Flows.

For example, the Options Template FlowSet can report the sample rate of a specific interface, if sampling is supported, along with the sampling method used.

The format of the Options Template FlowSet follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       FlowSet ID = 1          |          Length               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Template ID           |      Option Scope Length      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Option Length          |       Scope 1 Field Type      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Scope 1 Field Length      |               ...             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Scope N Field Length      |      Option 1 Field Type      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Option 1 Field Length     |             ...               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Option M Field Length     |           Padding             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

func (*OptionsTemplateFlowSet) UnmarshalRecords

func (this *OptionsTemplateFlowSet) UnmarshalRecords(r io.Reader) error

type Packet

type Packet struct {
	Header                  PacketHeader
	TemplateFlowSets        []TemplateFlowSet
	OptionsTemplateFlowSets []OptionsTemplateFlowSet
	DataFlowSets            []DataFlowSet
	OptionsDataFlowSets     []DataFlowSet
}

Packet consists of a Packet Header followed by one or more FlowSets. Each FlowSet is one of three possible types: Template, Data, or Options Template.

The format of the Packet on the wire is:

+--------+-------------------------------------------+
|        | +----------+ +---------+ +----------+     |
| Packet | | Template | | Data    | | Options  |     |
| Header | | FlowSet  | | FlowSet | | Template | ... |
|        | |          | |         | | FlowSet  |     |
|        | +----------+ +---------+ +----------+     |
+--------+-------------------------------------------+

func Read

func Read(r io.Reader, s session.Session, t *Translate) (*Packet, error)

Read a single Netflow packet from the provided reader and decode all the sets.

func (*Packet) UnmarshalFlowSets

func (p *Packet) UnmarshalFlowSets(r io.Reader, s session.Session, t *Translate) error

type PacketHeader

type PacketHeader struct {
	Version        uint16
	Count          uint16
	SysUpTime      uint32
	UnixSecs       uint32
	SequenceNumber uint32
	SourceID       uint32
}

PacketHeader is a Packet Header (RFC 3954 section 5.1)

func (PacketHeader) Len

func (h PacketHeader) Len() int

func (*PacketHeader) Unmarshal

func (h *PacketHeader) Unmarshal(r io.Reader) error

type ScopeSpecifier

type ScopeSpecifier struct {
	Type   uint16
	Length uint16
}

func (ScopeSpecifier) GetLength

func (this ScopeSpecifier) GetLength() uint16

func (ScopeSpecifier) GetType

func (this ScopeSpecifier) GetType() uint16

func (*ScopeSpecifier) String

func (this *ScopeSpecifier) String() string

func (*ScopeSpecifier) Unmarshal

func (this *ScopeSpecifier) Unmarshal(r io.Reader) error

type ScopeSpecifiers

type ScopeSpecifiers []ScopeSpecifier

func (ScopeSpecifiers) String

func (this ScopeSpecifiers) String() string

func (*ScopeSpecifiers) Unmarshal

func (this *ScopeSpecifiers) Unmarshal(r io.Reader) error

type TemplateFlowSet

type TemplateFlowSet struct {
	Header  FlowSetHeader
	Records []TemplateRecord
}

Template FlowSets enhance the flexibility of the Flow Record format because they allow the NetFlow Collector to process Flow Records without necessarily knowing the interpretation of all the data in the Flow Record.

The format of the Template FlowSet is as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       FlowSet ID = 0          |          Length               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Template ID 256          |         Field Count           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type 1           |         Field Length 1        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type 2           |         Field Length 2        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             ...               |              ...              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type N           |         Field Length N        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Template ID 257          |         Field Count           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type 1           |         Field Length 1        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type 2           |         Field Length 2        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             ...               |              ...              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Field Type M           |         Field Length M        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             ...               |              ...              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Template ID K          |         Field Count           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             ...               |              ...              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
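
A bounds-checked reading of the Template FlowSet layout above, as an added example (not the package's own code); the `Template` type, `ParseTemplateFlowSet` and the sample bytes are constructed for illustration. Templates arrive from the exporter over the network and decide how every later Data FlowSet is sliced into records, so each length field is validated against the buffer before it is used.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

var be = binary.BigEndian

// Template is an illustrative type, not the package's TemplateRecord.
type Template struct {
	ID         uint16
	Fields     [][2]uint16 // {field type, field length}
	RecordSize int         // bytes per Data Record under this template
}

// ParseTemplateFlowSet checks each length field against the bytes present before use.
func ParseTemplateFlowSet(b []byte) (out []Template, err error) {
	if len(b) < 4 || be.Uint16(b) != 0 {
		return nil, fmt.Errorf("not a Template FlowSet (FlowSet ID 0)")
	}
	length := int(be.Uint16(b[2:]))
	if length < 4 || length > len(b) {
		return nil, fmt.Errorf("FlowSet length %d outside %d-byte buffer", length, len(b))
	}
	body := b[4:length]
	for len(body) >= 4 { // a tail shorter than 4 bytes can only be padding
		t := Template{ID: be.Uint16(body)}
		end := 4 + 4*int(be.Uint16(body[2:])) // record header + Field Count specifiers
		if t.ID < 256 || end == 4 || end > len(body) {
			return nil, fmt.Errorf("template %d: reserved ID or bad field count", t.ID)
		}
		for off := 4; off < end; off += 4 {
			fl := be.Uint16(body[off+2:])
			t.Fields = append(t.Fields, [2]uint16{be.Uint16(body[off:]), fl})
			t.RecordSize += int(fl)
		}
		if t.RecordSize == 0 { // a record-by-record Data FlowSet walk would never advance
			return nil, fmt.Errorf("template %d: zero-length records", t.ID)
		}
		out, body = append(out, t), body[end:]
	}
	return out, nil
}

// sample (constructed): template 256 = IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1), 4 bytes each.
var sample = []byte{0, 0, 0, 20, 1, 0, 0, 3, 0, 8, 0, 4, 0, 12, 0, 4, 0, 1, 0, 4}

func main() { fmt.Println(ParseTemplateFlowSet(sample)) }
```
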

func (*TemplateFlowSet) UnmarshalRecords

func (tfs *TemplateFlowSet) UnmarshalRecords(r io.Reader) error

type TemplateRecord

type TemplateRecord struct {
	TemplateID uint16
	FieldCount uint16
	Fields     FieldSpecifiers
}

TemplateRecord is a Template Record as per RFC 3954 section 5.2

func (TemplateRecord) GetFields

func (this TemplateRecord) GetFields() []session.TemplateFieldSpecifier

func (TemplateRecord) ID

func (tr TemplateRecord) ID() uint16

func (TemplateRecord) Size

func (tr TemplateRecord) Size() int

func (TemplateRecord) String

func (tr TemplateRecord) String() string

func (*TemplateRecord) Unmarshal

func (tr *TemplateRecord) Unmarshal(r io.Reader) error

type Translate

type Translate struct {
	*translate.Translate
}

func NewTranslate

func NewTranslate(s session.Session) *Translate

func (*Translate) Record

func (t *Translate) Record(dr *DataRecord) error

type TranslatedField

type TranslatedField struct {
	Name  string
	Type  uint16
	Value interface{}
	Bytes []byte
}

func (TranslatedField) String

func (tf TranslatedField) String() string
