netflow5

package

v0.9.1 Latest Latest Go to latest Published: May 16, 2022 License: Apache-2.0 Imports: 7 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/EdgeCast/vflow

Links

Open Source Insights

Documentation ¶

Overview ¶

Package netflow5 decodes netflow version v5 packets

Index ¶

type Decoder
- func NewDecoder(raddr net.IP, b []byte) *Decoder
- func (d *Decoder) Decode() (*Message, error)
type FlowRecord
type Message
- func (m *Message) JSONMarshal(b *bytes.Buffer) ([]byte, error)
type PacketHeader

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Decoder ¶

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder represents Netflow payload and remote address

func NewDecoder ¶

func NewDecoder(raddr net.IP, b []byte) *Decoder

NewDecoder constructs a decoder

func (*Decoder) Decode ¶

func (d *Decoder) Decode() (*Message, error)

Decode decodes the flow records

type FlowRecord ¶

type FlowRecord struct {
	SrcAddr   uint32 // Source IP Address
	DstAddr   uint32 // Destination IP Address
	NextHop   uint32 // IP Address of the next hop router
	Input     uint16 // SNMP index of input interface
	Output    uint16 // SNMP index of output interface
	PktCount  uint32 // Number of packets in the flow
	L3Octets  uint32 // Total number of Layer 3 bytes in the packets of the flow
	StartTime uint32 // SysUptime at start of flow in ms since last boot
	EndTime   uint32 // SysUptime at end of the flow in ms since last boot
	SrcPort   uint16 // TCP/UDP source port number or equivalent
	DstPort   uint16 // TCP/UDP destination port number or equivalent
	Padding1  uint8  // Unused (zero) bytes
	TCPFlags  uint8  // Cumulative OR of TCP flags
	ProtType  uint8  // IP protocol type (for example, TCP = 6; UDP = 17)
	Tos       uint8  // IP type of service (ToS)
	SrcAsNum  uint16 // Autonomous system number of the source, either origin or peer
	DstAsNum  uint16 // Autonomous system number of the destination, either origin or peer
	SrcMask   uint8  // Source address prefix mask bits
	DstMask   uint8  // Destination address prefix mask bits
	Padding2  uint16 // Unused (zero) bytes
}

FlowRecord represents Netflow v5 flow Based on docs at https://www.plixer.com/support/netflow-v5/ 48 bytes long

type Message ¶

type Message struct {
	AgentID string
	Header  PacketHeader
	Flows   []FlowRecord
}

Message represents Netflow v5 decoded data

func (*Message) JSONMarshal ¶

func (m *Message) JSONMarshal(b *bytes.Buffer) ([]byte, error)

JSONMarshal encodes netflow v9 message

type PacketHeader ¶

type PacketHeader struct {
	Version        uint16 // Version of Flow Record format exported in this packet
	Count          uint16 // The total number of flows in the Export Packet
	SysUpTimeMSecs uint32 // Time in milliseconds since this device was first booted
	UNIXSecs       uint32 // Time in seconds since 0000 UTC 1970
	UNIXNSecs      uint32 // Residual nanoseconds since 0000 UTC 1970
	SeqNum         uint32 // Incremental sequence counter of total flows
	EngType        uint8  // An 8-bit value that identifies the type of flow-switching engine
	EngID          uint8  // An 8-bit value that identifies the Slot number of the flow-switching engine
	SmpInt         uint16 // A 16-bit value that identifies the Sampling Interval

}

PacketHeader represents Netflow v5 packet header Based on docs at https://www.plixer.com/support/netflow-v5/ 24 bytes long

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL