flowdata

package module
v0.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 13, 2021 License: BSD-2-Clause Imports: 11 Imported by: 0

README

Flowdata

Documentation

Overview

Package flowdata contains conversions for processing IPFIX flow messages as emitted by vflow.

Index

Constants

View Source 
const (
	ProtocolUnknown = 0
	ProtocolICMP4   = 1
	ProtocolIGMP    = 2
	ProtocolIPv4    = 3
	ProtocolTCP     = 6
	ProtocolUDP     = 17
	ProtocolIPv6    = 41
	ProtocolGRE     = 47
	ProtocolESP     = 50
	ProtocolAH      = 51
	ProtocolICMP6   = 58
	ProtocolL2TP    = 115
	ProtocolSCTP    = 132
	ProtocolUDPLite = 136
	ProtocolMPLS    = 137

	ProtoNameUnknown = `unknown`
	ProtoNameICMP4   = `ICMP`
	ProtoNameIGMP    = `IGMP`
	ProtoNameIPv4    = `IPv4`
	ProtoNameTCP     = `TCP`
	ProtoNameUDP     = `UDP`
	ProtoNameIPv6    = `IPv6`
	ProtoNameGRE     = `GRE`
	ProtoNameESP     = `ESP`
	ProtoNameAH      = `AH`
	ProtoNameICMP6   = `IPv6-ICMP`
	ProtoNameL2TP    = `L2TP`
	ProtoNameSCTP    = `SCTP`
	ProtoNameUDPLite = `UDPLite`
	ProtoNameMPLS    = `MPLS-in-IP`
)

Variables

View Source 
var ProtocolNameByID = map[uint8]string{
	ProtocolUnknown: ProtoNameUnknown,
	ProtocolICMP4:   ProtoNameICMP4,
	ProtocolIGMP:    ProtoNameIGMP,
	ProtocolIPv4:    ProtoNameIPv4,
	ProtocolTCP:     ProtoNameTCP,
	ProtocolUDP:     ProtoNameUDP,
	ProtocolIPv6:    ProtoNameIPv6,
	ProtocolGRE:     ProtoNameGRE,
	ProtocolESP:     ProtoNameESP,
	ProtocolAH:      ProtoNameAH,
	ProtocolICMP6:   ProtoNameICMP6,
	ProtocolL2TP:    ProtoNameL2TP,
	ProtocolSCTP:    ProtoNameSCTP,
	ProtocolUDPLite: ProtoNameUDPLite,
	ProtocolMPLS:    ProtoNameMPLS,
}

Functions

func FormatIP 

func FormatIP(addr string) string

Types

type Bitmask added in v0.0.6 

type Bitmask uint16

func ParseBitmask added in v0.0.6 

func ParseBitmask(s string) Bitmask

func (Bitmask) Clear added in v0.0.6 

func (mask Bitmask) Clear(flag Bitmask)

func (Bitmask) Copy added in v0.0.6 

func (mask Bitmask) Copy() Bitmask

func (Bitmask) Has added in v0.0.6 

func (mask Bitmask) Has(flag Bitmask) bool

func (Bitmask) Set added in v0.0.6 

func (mask Bitmask) Set(flag Bitmask)

func (Bitmask) String added in v0.0.6 

func (mask Bitmask) String() string

func (Bitmask) Toggle added in v0.0.6 

func (mask Bitmask) Toggle(flag Bitmask)

type Data 

type Data []kvpair

type EncryptedRecord added in v0.0.4 

type EncryptedRecord struct {
	RecordID     string `json:"RecordID"`
	SessionKeyID string `json:"keyID"`
	Salt         string `json:"salt"`
	Signature    string `json:"signature"`
	Value        string `json:"value"`
	RawSalt      []byte `json:"-"`
	RawSignature []byte `json:"-"`
	RawValue     []byte `json:"-"`
}

EncryptedRecord is the struct for exporting encrypted data, with the value field containing an encrypted serialization of a plaintext struct

type Flags 

type Flags struct {
	NS  bool `json:"ns,string"`
	CWR bool `json:"cwr,string"`
	ECE bool `json:"ece,string"`
	URG bool `json:"urg,string"`
	ACK bool `json:"ack,string"`
	PSH bool `json:"psh,string"`
	RST bool `json:"rst,string"`
	SYN bool `json:"syn,string"`
	FIN bool `json:"fin,string"`
}

func (Flags) Copy added in v0.0.2 

func (f Flags) Copy() Flags
type Header struct {
	Version    int `json:"Version"`
	Length     int `json:"Length"`
	ExportTime int `json:"ExportTime"`
	SequenceNo int `json:"SequenceNo"`
	DomainID   int `json:"DomainID"`
}

type IOC added in v0.0.3 

type IOC struct {
	AgentID   string    `json:"AgentID"`
	Address   string    `json:"Address"`
	IPVersion uint8     `json:"IPVersion"`
	Start     time.Time `json:"DateTimeStart"`
	End       time.Time `json:"DateTimeEnd"`
}

IOC represents a stripped down version of the information contained inside a record, suitable for comparing against IOCs

type Key added in v0.0.4 

type Key struct {
	ID            string `json:"keyID"`
	SlotMap       uint16 `json:"-"`
	Value         []byte `json:"-"`
	Salt          []byte `json:"-"`
	PublicKey     []byte `json:"-"`
	ExportSlotMap int    `json:"decryptionSlotMap"`
	ExportValue   string `json:"encryptedKey"`
	ExportSalt    string `json:"salt"`
	ExportPubKey  string `json:"publicPeerKey"`
	ExportSig     string `json:"signature"`
}

Key represents a session keyfile record used to encrypt records

func (*Key) CalculateMAC added in v0.0.4 

func (k *Key) CalculateMAC() error

CalculateMAC computes the Poly1305 MAC signature over the serialized export values

func (*Key) Serialize added in v0.0.4 

func (k *Key) Serialize()

Serialize encodes the embedded information into new fields in a JSON exportable representation

func (*Key) VerifyMAC added in v0.0.4 

func (k *Key) VerifyMAC() (bool, error)

VerifyMAC computes the Poly1305 MAC signature over the serialized export values and compares it with the contained signature

type Message 

type Message struct {
	AgentID  string `json:"AgentID"`
	Header   Header `json:"Header"`
	DataSets []Data `json:"DataSets"`
}

func (*Message) Convert 

func (m *Message) Convert() <-chan Record

type Plaintext added in v0.0.4 

type Plaintext struct {
	RecordID   string `json:"RecordID"`
	SrcAddress string `json:"SrcAddress"`
	DstAddress string `json:"DstAddress"`
}

Plaintext contains the sensitive information for encryption

type Record 

type Record struct {
	OctetCount     uint64    `json:"OctetCount"`
	PacketCount    uint64    `json:"PacketCount"`
	ProtocolID     uint8     `json:"ProtocolID"`
	Protocol       string    `json:"Protocol,omitempty"`
	IPVersion      uint8     `json:"IPVersion"`
	SrcAddress     string    `json:"SrcAddress"`
	SrcPort        uint16    `json:"SrcPort"`
	DstAddress     string    `json:"DstAddress"`
	DstPort        uint16    `json:"DstPort"`
	TcpControlBits Bitmask   `json:"TcpControlBits"`
	TcpFlags       Flags     `json:"TcpFlags"`
	IngressIf      uint32    `json:"-"`
	EgressIf       uint32    `json:"-"`
	FlowDirection  uint8     `json:"-"`
	StartMilli     time.Time `json:"StartDateTimeMilli"`
	EndMilli       time.Time `json:"EndDateTimeMilli"`
	AgentID        string    `json:"AgentID"`
	RecordID       string    `json:"RecordID"`
	ExpIPv4Addr    string    `json:"-"`
	ExpIPv6Addr    string    `json:"-"`
	ExpPID         uint32    `json:"-"`
}

func (Record) Copy added in v0.0.2 

func (r Record) Copy() Record

func (Record) ExportPlaintext added in v0.0.4 

func (r Record) ExportPlaintext() Plaintext

ExportPlaintext returns the record's data that will become encrypted

func (Record) ToIOC added in v0.0.3 

func (r Record) ToIOC(addr string) IOC

ToIOC exports the IOC relevant information from a record for a given address addr

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.