Version: v0.0.0-...-8992419

This package is not in the latest version of its module.

Published: Jan 22, 2020 License: Apache-2.0 Imports: 22 Imported by: 0



Package database keeps track of flow information



const (
	OpEqual   = 0
	OpUnequal = 1
	OpSmaller = 2
	OpGreater = 3
)

These constants are used in communication with the frontend

const (
	FieldTimestamp = iota

These constants are only used internally




func GetBreakdownLabels

func GetBreakdownLabels() []string

GetBreakdownLabels returns a sorted list of known breakdown labels

func GetFieldByName

func GetFieldByName(name string) int

GetFieldByName returns the internal number of a field


type BreakdownFlags

type BreakdownFlags struct {
	Family     bool
	SrcAddr    bool
	DstAddr    bool
	Protocol   bool
	IntIn      bool
	IntOut     bool
	NextHop    bool
	SrcAsn     bool
	DstAsn     bool
	NextHopAsn bool
	SrcPfx     bool
	DstPfx     bool
	SrcPort    bool
	DstPort    bool
	IntInName  bool
	IntOutName bool
}

BreakdownFlags defines by what fields data should be broken down in a query

func (*BreakdownFlags) Count

func (bf *BreakdownFlags) Count() (count int)

Count returns the number of enabled breakdown flags

func (*BreakdownFlags) Set

func (bf *BreakdownFlags) Set(keys []string) error

Set enables the flags in the given list

type BreakdownKey

type BreakdownKey [FieldMax]string

BreakdownKey is the key used for the breakdown map

func (*BreakdownKey) Join

func (bk *BreakdownKey) Join(format string) string

Join formats the keys and joins them with commas

type BreakdownMap

type BreakdownMap map[BreakdownKey]uint64

BreakdownMap maps breakdown keys to values

type Condition

type Condition struct {
	Field    int
	Operator int
	Operand  []byte
}

Condition represents a query condition

type Conditions

type Conditions []Condition

Conditions represents a set of conditions of a query

func (Conditions) Includes

func (conditions Conditions) Includes(field int, operator int) bool

Includes checks if the given field and operator are included in the list

type FlowDatabase

type FlowDatabase struct {
	Input chan *netflow.Flow
	// contains filtered or unexported fields
}

FlowDatabase represents a flow database object

func New

func New(aggregation int64, maxAge int64, numAddWorker int, debug int, compLevel int, storage string, anonymize bool, intfMapper intfmapper.IntfMapperInterface, agentsNameByIP map[string]string, iana *iana.IANA) *FlowDatabase

New creates a new FlowDatabase and returns a pointer to it

func (*FlowDatabase) Add

func (fdb *FlowDatabase) Add(fl *netflow.Flow)

Add adds flow `fl` to database fdb

func (*FlowDatabase) AggregationPeriod

func (fdb *FlowDatabase) AggregationPeriod() int64

AggregationPeriod returns the configured aggregation period

func (*FlowDatabase) CleanUp

func (fdb *FlowDatabase) CleanUp()

CleanUp deletes all flows from database `fdb` that are older than `maxAge` seconds

func (*FlowDatabase) CurrentTimeslot

func (fdb *FlowDatabase) CurrentTimeslot() int64

CurrentTimeslot returns the beginning of the current timeslot

func (*FlowDatabase) Dumper

func (fdb *FlowDatabase) Dumper()

Dumper dumps all flows in `fdb` that haven't been dumped yet to the hard drive

func (*FlowDatabase) RunQuery

func (fdb *FlowDatabase) RunQuery(q *Query) (*Result, error)

RunQuery executes a query and returns the result

type FlowsByTimeRtr

type FlowsByTimeRtr map[int64]map[string]*TimeGroup

FlowsByTimeRtr holds all keys (and thus is the only way) to our flows

type Query

type Query struct {
	Cond      Conditions
	Breakdown BreakdownFlags
	TopN      int
}

Query is the internal representation of a query

type Result

type Result struct {
	TopKeys     map[BreakdownKey]void
	Timestamps  []int64                // sorted timestamps
	Data        map[int64]BreakdownMap // timestamps -> keys -> values
	Aggregation int64
}

Result is the result of a query

func (*Result) WriteCSV

func (res *Result) WriteCSV(writer io.Writer)

WriteCSV writes the result as CSV into the writer

type TimeGroup

type TimeGroup struct {
	Any               *mapTree // Workaround: Why a map? Because: cannot assign to flows[fl.Timestamp][rtr].Any
	SrcAddr           *mapTree
	DstAddr           *mapTree
	Protocol          *mapTree
	IntIn             *mapTree
	IntOut            *mapTree
	NextHop           *mapTree
	SrcAs             *mapTree
	DstAs             *mapTree
	NextHopAs         *mapTree
	SrcPfx            *mapTree
	DstPfx            *mapTree
	SrcPort           *mapTree
	DstPort           *mapTree
	InterfaceIDByName intfmapper.InterfaceIDByName
}

TimeGroup groups all indices to flows of a particular router at a particular time into one object
