enrichers

package
v0.0.0-...-5126b6f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2021 License: GPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var PROTOMAP = map[uint32]string{
	1:  "ICMP",
	4:  "IPv4",
	6:  "TCP",
	17: "UDP",
	50: "ESP",
}

TODO: make configurable

View Source 
var TrieV4, TrieV6 ip_prefix_trie.TrieNode

We have to use separate tries for IPv4 and IPv6 TODO: maybe replace this with the newer, not homemade kentik/patricia

Functions

func AddCid 

func AddCid(address net.IP, flowmsg flow.FlowMessage) *flow.FlowMessage

This function matches the address in the correct Trie and annotates the flow message with the result. It takes an address in addition to the flow message so it does not have to determine which address in the flow is local. This knowledge comes from the peerinfo enricher.

func AddGeoloc 

func AddGeoloc(address net.IP, flow flow.FlowMessage) *flow.FlowMessage

Adds Geoloc of the provided (remote) address to the flow message.

func AddNormalize 

func AddNormalize(flowmsg flow.FlowMessage) *flow.FlowMessage

Normalize Bytes, Packets and set the Normalized field. It is best if InitIfaces has been called to provide an additional source of sampling rates, but it is not required.

func AddProtoName 

func AddProtoName(flowmsg flow.FlowMessage) *flow.FlowMessage

Annotate a ProtoName field to the flow message.

func AddSnmp 

func AddSnmp(flowmsg flow.FlowMessage) *flow.FlowMessage

Annotate a flow with data from SNMP. If there is no information in the cache, uninitialized values will be set and a SNMP request will be created in the background. Adds Iface Name, Desc and Speed.

func CloseGeoloc 

func CloseGeoloc()

Close geolocation database. It's best to defer this after Init.

func InitCid 

func InitCid(file string)

This will read the prefix list CSV and populate both Tries (v4 and v6)

func InitGeoloc 

func InitGeoloc(path string)

Open geolocation database.

func InitSnmp 

func InitSnmp(regex string, community string)

Init Caching, compile the Regex and set the SNMP Community global. Also set up hourly refreshs of the cached data.

Types

type CombinedEnricher 

type CombinedEnricher struct {
	// add the cid of the local address.
	AddCID bool
	// Location of the CID 'database', in CSV format.
	CIDDb string

	// add the geoloc of the remote address.
	AddGeoLoc bool
	// Location of the GeoLite2 mmdb file.
	GeoLocDb string

	// add the protocol name.
	AddProtoName bool

	// normalize fields with their sampling rate.
	AddNormalize bool

	// add the interface descriptions via SNMP.
	AddSNMP bool
	// The Community used when connecting via SNMP.
	SNMPCommunity string
	// The RegEx used to truncate the interface description.
	SNMPIfDescRegex string
	// contains filtered or unexported fields
}

CombinedEnricher combines the different enrichers into one.

func (*CombinedEnricher) Initialize 

func (e *CombinedEnricher) Initialize()

Initialize the enricher. This is safe to call multiple times.

func (*CombinedEnricher) Process 

func (e *CombinedEnricher) Process(msg *bwmessage.FlowMessage) *bwmessage.FlowMessage

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.