flowdata

package
v0.0.4 Latest Latest
Published: Dec 23, 2021 License: BSD-2-Clause, BSD-2-Clause Imports: 11 Imported by: 0

README

Flowdata

Documentation

Overview

Package flowdata contains conversions for processing IPFIX flow messages as emitted by vflow.

Index

Constants

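// IP protocol numbers and their display names. The numeric values follow the
// IANA "Assigned Internet Protocol Numbers" registry, which is the value space
// of the protocol field in an IP header.
const (
	// ProtocolUnknown doubles as the "not recognised" marker. IANA lists 0 as
	// HOPOPT, so a literal 0 in a flow is reported as unknown rather than as
	// the IPv6 hop-by-hop option.
	ProtocolUnknown = 0
	ProtocolICMP4   = 1
	ProtocolIGMP    = 2
	// ProtocolIPv4 is IPv4-in-IP encapsulation, which IANA assigns number 4.
	// Number 3 is GGP; with the earlier value of 3, GGP traffic was labelled
	// as IPv4 and real IP-in-IP tunnels fell through as unrecognised.
	ProtocolIPv4    = 4
	ProtocolTCP     = 6
	ProtocolUDP     = 17
	ProtocolIPv6    = 41
	ProtocolGRE     = 47
	ProtocolESP     = 50
	ProtocolAH      = 51
	ProtocolICMP6   = 58
	ProtocolL2TP    = 115
	ProtocolSCTP    = 132
	ProtocolUDPLite = 136
	ProtocolMPLS    = 137

	// Display names paired one-to-one with the protocol numbers above.
	ProtoNameUnknown = `unknown`
	ProtoNameICMP4   = `ICMP`
	ProtoNameIGMP    = `IGMP`
	ProtoNameIPv4    = `IPv4`
	ProtoNameTCP     = `TCP`
	ProtoNameUDP     = `UDP`
	ProtoNameIPv6    = `IPv6`
	ProtoNameGRE     = `GRE`
	ProtoNameESP     = `ESP`
	ProtoNameAH      = `AH`
	ProtoNameICMP6   = `IPv6-ICMP`
	ProtoNameL2TP    = `L2TP`
	ProtoNameSCTP    = `SCTP`
	ProtoNameUDPLite = `UDPLite`
	ProtoNameMPLS    = `MPLS-in-IP`
)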

Variables

Functions

func FormatIP

func FormatIP(addr string) string

Types

type Bitmask

// Bitmask is a 16-bit flag set; Record stores its TcpControlBits in one.
//
// NOTE(review): Set, Clear and Toggle are declared on the value receiver
// (mask Bitmask) and return nothing, so as declared they can only change a
// copy and the caller's mask stays untouched. Confirm against the
// implementation; a pointer receiver or a returned Bitmask would be needed
// for the change to be visible to the caller.
type Bitmask uint16

func ParseBitmask

func ParseBitmask(s string) Bitmask

func (Bitmask) Clear

func (mask Bitmask) Clear(flag Bitmask)

func (Bitmask) Copy

func (mask Bitmask) Copy() Bitmask

func (Bitmask) Has

func (mask Bitmask) Has(flag Bitmask) bool

func (Bitmask) Set

func (mask Bitmask) Set(flag Bitmask)

func (Bitmask) String

func (mask Bitmask) String() string

func (Bitmask) Toggle

func (mask Bitmask) Toggle(flag Bitmask)

type Data

// Data is one data set of a Message, held as a slice of the package-private
// kvpair type.
// NOTE(review): kvpair is not part of the exported documentation, so the
// shape of each entry cannot be stated from here.
type Data []kvpair

type EncryptedRecord

// EncryptedRecord is the JSON export form of an encrypted record. Value
// carries an encrypted serialization of a plaintext struct.
type EncryptedRecord struct {
	// RecordID and SessionKeyID are written to JSON as they are, outside the
	// encrypted Value. SessionKeyID uses the JSON name "keyID", the same name
	// Key.ID is exported under.
	RecordID     string `json:"RecordID"`
	SessionKeyID string `json:"keyID"`
	// String forms that are written to JSON.
	// NOTE(review): the text encoding of these three fields is not visible here.
	Salt         string `json:"salt"`
	Signature    string `json:"signature"`
	Value        string `json:"value"`
	// Byte forms; the "-" tag keeps them out of encoding/json output and input.
	RawSalt      []byte `json:"-"`
	RawSignature []byte `json:"-"`
	RawValue     []byte `json:"-"`
}

EncryptedRecord is the struct for exporting encrypted data; its Value field contains an encrypted serialization of a Plaintext struct.

type Flags

// Flags holds one boolean per TCP control flag; Record carries it as TcpFlags
// next to the numeric TcpControlBits.
//
// The ",string" tag option makes encoding/json write each bool as a quoted
// string ("true" / "false") and expect the quoted form when decoding.
type Flags struct {
	NS  bool `json:"ns,string"`
	CWR bool `json:"cwr,string"`
	ECE bool `json:"ece,string"`
	URG bool `json:"urg,string"`
	ACK bool `json:"ack,string"`
	PSH bool `json:"psh,string"`
	RST bool `json:"rst,string"`
	SYN bool `json:"syn,string"`
	FIN bool `json:"fin,string"`
}

func (Flags) Copy

func (f Flags) Copy() Flags
// Header is the header part of a Message as decoded from JSON.
//
// NOTE(review): the field names match the IPFIX message header, but units and
// valid ranges are not visible here. Every field is a plain int decoded from
// input, so values should be range-checked before they are used as a size,
// offset or timestamp.
type Header struct {
	Version    int `json:"Version"`
	Length     int `json:"Length"`
	ExportTime int `json:"ExportTime"`
	SequenceNo int `json:"SequenceNo"`
	DomainID   int `json:"DomainID"`
}

type IOC

// IOC is a stripped-down view of a Record, suitable for comparing against
// indicators of compromise. Record.ToIOC builds one for a given address.
type IOC struct {
	AgentID   string    `json:"AgentID"`
	// Address is a single address; ToIOC takes it as its addr argument.
	Address   string    `json:"Address"`
	IPVersion uint8     `json:"IPVersion"`
	// Start and End are exported as DateTimeStart / DateTimeEnd.
	// NOTE(review): presumably the flow's start and end times — confirm in ToIOC.
	Start     time.Time `json:"DateTimeStart"`
	End       time.Time `json:"DateTimeEnd"`
}

IOC represents a stripped down version of the information contained inside a record, suitable for comparing against IOCs

type Key

// Key is a session keyfile record used to encrypt records.
//
// The byte-valued fields and SlotMap are tagged "-", so encoding/json never
// writes them; only ID and the Export* fields reach a JSON export. The tag
// does not affect other output paths: formatting a Key with %v or %+v still
// prints Value.
//
// NOTE(review): CalculateMAC and VerifyMAC are documented as Poly1305 over the
// serialized export values. Poly1305 is a one-time authenticator, so confirm
// that the MAC key is never reused across Key records and that VerifyMAC
// compares tags in constant time. Neither is visible from the declarations.
type Key struct {
	ID            string `json:"keyID"`
	// In-memory forms, excluded from JSON.
	SlotMap       uint16 `json:"-"`
	Value         []byte `json:"-"`
	Salt          []byte `json:"-"`
	PublicKey     []byte `json:"-"`
	// Exportable forms; Serialize is documented as the method that fills them.
	// ExportValue is written as "encryptedKey".
	// NOTE(review): how Value is wrapped into ExportValue is not visible here.
	ExportSlotMap int    `json:"decryptionSlotMap"`
	ExportValue   string `json:"encryptedKey"`
	ExportSalt    string `json:"salt"`
	ExportPubKey  string `json:"publicPeerKey"`
	ExportSig     string `json:"signature"`
}

Key represents a session keyfile record used to encrypt records

func (*Key) CalculateMAC

func (k *Key) CalculateMAC() error

CalculateMAC computes the Poly1305 MAC signature over the serialized export values

func (*Key) Serialize

func (k *Key) Serialize()

Serialize encodes the embedded information into new fields in a JSON exportable representation

func (*Key) VerifyMAC

func (k *Key) VerifyMAC() (bool, error)

VerifyMAC computes the Poly1305 MAC signature over the serialized export values and compares it with the contained signature

type Message

// Message is one decoded flow message: the reporting agent, the message
// header and the data sets it carried. Convert turns it into a channel of
// Record values.
type Message struct {
	AgentID  string `json:"AgentID"`
	Header   Header `json:"Header"`
	DataSets []Data `json:"DataSets"`
}

func (*Message) Convert

func (m *Message) Convert() <-chan Record

type Plaintext

// Plaintext holds the sensitive part of a record, the source and destination
// addresses, in the form that is serialized and then encrypted.
// Record.ExportPlaintext produces it.
type Plaintext struct {
	// RecordID also appears outside the ciphertext, in EncryptedRecord.RecordID.
	RecordID   string `json:"RecordID"`
	SrcAddress string `json:"SrcAddress"`
	DstAddress string `json:"DstAddress"`
}

Plaintext contains the sensitive information for encryption

type Record

// Record is a single flow record as produced by Message.Convert.
//
// SrcAddress and DstAddress are the fields that Plaintext treats as
// sensitive, and both carry JSON tags here. Marshaling a Record directly
// therefore writes the addresses in clear; use ExportPlaintext and the
// encrypted export when the addresses must stay protected.
type Record struct {
	OctetCount     uint64    `json:"OctetCount"`
	PacketCount    uint64    `json:"PacketCount"`
	// ProtocolID is the numeric protocol; Protocol is its name and is omitted
	// from JSON when empty.
	ProtocolID     uint8     `json:"ProtocolID"`
	Protocol       string    `json:"Protocol,omitempty"`
	IPVersion      uint8     `json:"IPVersion"`
	SrcAddress     string    `json:"SrcAddress"`
	SrcPort        uint16    `json:"SrcPort"`
	DstAddress     string    `json:"DstAddress"`
	DstPort        uint16    `json:"DstPort"`
	// The TCP control bits are kept twice: as a Bitmask and as per-flag bools.
	TcpControlBits Bitmask   `json:"TcpControlBits"`
	TcpFlags       Flags     `json:"TcpFlags"`
	// Tagged "-": kept in memory only, never written to JSON.
	IngressIf      uint32    `json:"-"`
	EgressIf       uint32    `json:"-"`
	FlowDirection  uint8     `json:"-"`
	StartMilli     time.Time `json:"StartDateTimeMilli"`
	EndMilli       time.Time `json:"EndDateTimeMilli"`
	AgentID        string    `json:"AgentID"`
	RecordID       string    `json:"RecordID"`
	// Exporter details, also excluded from JSON.
	ExpIPv4Addr    string    `json:"-"`
	ExpIPv6Addr    string    `json:"-"`
	ExpPID         uint32    `json:"-"`
}

func (Record) Copy

func (r Record) Copy() Record

func (Record) ExportPlaintext

func (r Record) ExportPlaintext() Plaintext

ExportPlaintext returns the record's data that will become encrypted

func (Record) ToIOC

func (r Record) ToIOC(addr string) IOC

ToIOC exports the IOC-relevant information from a record for the given address addr.
