forked from packethost/goflow
-
Notifications
You must be signed in to change notification settings - Fork 0
/
packet.go
153 lines (120 loc) · 4.65 KB
/
packet.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package netflow
import (
"fmt"
)
// FlowSetHeader contains fields shared by all Flow Sets (DataFlowSet,
// TemplateFlowSet, OptionsTemplateFlowSet).
type FlowSetHeader struct {
// FlowSet ID:
// 0 for TemplateFlowSet
// 1 for OptionsTemplateFlowSet
// 256-65535 for DataFlowSet (used as TemplateId)
Id uint16
// The total length of this FlowSet in bytes (including padding).
Length uint16
}
// TemplateFlowSet is a collection of templates that describe structure of Data
// Records (actual NetFlow data).
type TemplateFlowSet struct {
FlowSetHeader
// List of Template Records
Records []TemplateRecord
}
// DataFlowSet is a collection of Data Records (actual NetFlow data) and Options
// Data Records (meta data).
type DataFlowSet struct {
FlowSetHeader
Records []DataRecord
}
type OptionsDataFlowSet struct {
FlowSetHeader
Records []OptionsDataRecord
}
// TemplateRecord is a single template that describes structure of a Flow Record
// (actual Netflow data).
type TemplateRecord struct {
// Each of the newly generated Template Records is given a unique
// Template ID. This uniqueness is local to the Observation Domain that
// generated the Template ID. Template IDs of Data FlowSets are numbered
// from 256 to 65535.
TemplateId uint16
// Number of fields in this Template Record. Because a Template FlowSet
// usually contains multiple Template Records, this field allows the
// Collector to determine the end of the current Template Record and
// the start of the next.
FieldCount uint16
// List of fields in this Template Record.
Fields []Field
}
type DataRecord struct {
Values []DataField
}
// OptionsDataRecord is meta data sent alongide actual NetFlow data. Combined
// with OptionsTemplateRecord it can be decoded to a single data row.
type OptionsDataRecord struct {
// List of Scope values stored in raw format as []byte
ScopesValues []DataField
// List of Optons values stored in raw format as []byte
OptionsValues []DataField
}
// Field describes type and length of a single value in a Flow Data Record.
// Field does not contain the record value itself it is just a description of
// what record value will look like.
type Field struct {
// A numeric value that represents the type of field.
Type uint16
// The length (in bytes) of the field.
Length uint16
}
type DataField struct {
// A numeric value that represents the type of field.
Type uint16
// The value (in bytes) of the field.
Value interface{}
//Value []byte
}
func (flowSet OptionsDataFlowSet) String(TypeToString func(uint16) string, ScopeToString func(uint16) string) string {
str := fmt.Sprintf(" Id %v\n", flowSet.Id)
str += fmt.Sprintf(" Length: %v\n", flowSet.Length)
str += fmt.Sprintf(" Records (%v records):\n", len(flowSet.Records))
for j, record := range flowSet.Records {
str += fmt.Sprintf(" - Record %v:\n", j)
str += fmt.Sprintf(" Scopes (%v):\n", len(record.ScopesValues))
for k, value := range record.ScopesValues {
str += fmt.Sprintf(" - %v. %v (%v): %v\n", k, ScopeToString(value.Type), value.Type, value.Value)
}
str += fmt.Sprintf(" Options (%v):\n", len(record.OptionsValues))
for k, value := range record.OptionsValues {
str += fmt.Sprintf(" - %v. %v (%v): %v\n", k, TypeToString(value.Type), value.Type, value.Value)
}
}
return str
}
func (flowSet DataFlowSet) String(TypeToString func(uint16) string) string {
str := fmt.Sprintf(" Id %v\n", flowSet.Id)
str += fmt.Sprintf(" Length: %v\n", flowSet.Length)
str += fmt.Sprintf(" Records (%v records):\n", len(flowSet.Records))
for j, record := range flowSet.Records {
str += fmt.Sprintf(" - Record %v:\n", j)
str += fmt.Sprintf(" Values (%v):\n", len(record.Values))
for k, value := range record.Values {
str += fmt.Sprintf(" - %v. %v (%v): %v\n", k, TypeToString(value.Type), value.Type, value.Value)
}
}
return str
}
func (flowSet TemplateFlowSet) String(TypeToString func(uint16) string) string {
str := fmt.Sprintf(" Id %v\n", flowSet.Id)
str += fmt.Sprintf(" Length: %v\n", flowSet.Length)
str += fmt.Sprintf(" Records (%v records):\n", len(flowSet.Records))
for j, record := range flowSet.Records {
str += fmt.Sprintf(" - %v. Record:\n", j)
str += fmt.Sprintf(" TemplateId: %v\n", record.TemplateId)
str += fmt.Sprintf(" FieldCount: %v\n", record.FieldCount)
str += fmt.Sprintf(" Fields (%v):\n", len(record.Fields))
for k, field := range record.Fields {
str += fmt.Sprintf(" - %v. %v (%v): %v\n", k, TypeToString(field.Type), field.Type, field.Length)
}
}
return str
}