You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fw-daemon/vendor/github.com/google/gopacket/layers/sflow.go

2180 lines
84 KiB

// Copyright 2014 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
/*
This layer decodes SFlow version 5 datagrams.
The specification can be found here: http://sflow.org/sflow_version_5.txt
Additional developer information about sflow can be found at:
http://sflow.org/developers/specifications.php
And SFlow in general:
http://sflow.org/index.php
Two forms of sample data are defined: compact and expanded. The
Specification has this to say:
Compact and expand forms of counter and flow samples are defined.
An agent must not mix compact/expanded encodings. If an agent
will never use ifIndex numbers >= 2^24 then it must use compact
encodings for all interfaces. Otherwise the expanded formats must
be used for all interfaces.
This decoder only supports the compact form, because that is the only
one for which data was avaialble.
The datagram is composed of one or more samples of type flow or counter,
and each sample is composed of one or more records describing the sample.
A sample is a single instance of sampled inforamtion, and each record in
the sample gives additional / supplimentary information about the sample.
The following sample record types are supported:
Raw Packet Header
opaque = flow_data; enterprise = 0; format = 1
Extended Switch Data
opaque = flow_data; enterprise = 0; format = 1001
Extended Router Data
opaque = flow_data; enterprise = 0; format = 1002
Extended Gateway Data
opaque = flow_data; enterprise = 0; format = 1003
Extended User Data
opaque = flow_data; enterprise = 0; format = 1004
Extended URL Data
opaque = flow_data; enterprise = 0; format = 1005
The following types of counter records are supported:
Generic Interface Counters - see RFC 2233
opaque = counter_data; enterprise = 0; format = 1
Ethernet Interface Counters - see RFC 2358
opaque = counter_data; enterprise = 0; format = 2
SFlow is encoded using XDR (RFC4506). There are a few places
where the standard 4-byte fields are partitioned into two
bitfields of different lengths. I'm not sure why the designers
chose to pack together two values like this in some places, and
in others they use the entire 4-byte value to store a number that
will never be more than a few bits. In any case, there are a couple
of types defined to handle the decoding of these bitfields, and
that's why they're there. */
package layers
import (
"encoding/binary"
"errors"
"fmt"
"net"
"github.com/google/gopacket"
)
// SFlowRecord holds both flow sample records and counter sample records.
// A Record is the structure that actually holds the sampled data
// and / or counters.
type SFlowRecord interface {
}
// SFlowDataSource encodes a 2-bit SFlowSourceFormat in its most significant
// 2 bits, and an SFlowSourceValue in its least significant 30 bits.
// These types and values define the meaning of the inteface information
// presented in the sample metadata.
type SFlowDataSource int32
func (sdc SFlowDataSource) decode() (SFlowSourceFormat, SFlowSourceValue) {
leftField := sdc >> 30
rightField := uint32(0x3FFFFFFF) & uint32(sdc)
return SFlowSourceFormat(leftField), SFlowSourceValue(rightField)
}
type SFlowDataSourceExpanded struct {
SourceIDClass SFlowSourceFormat
SourceIDIndex SFlowSourceValue
}
func (sdce SFlowDataSourceExpanded) decode() (SFlowSourceFormat, SFlowSourceValue) {
leftField := sdce.SourceIDClass >> 30
rightField := uint32(0x3FFFFFFF) & uint32(sdce.SourceIDIndex)
return SFlowSourceFormat(leftField), SFlowSourceValue(rightField)
}
type SFlowSourceFormat uint32
type SFlowSourceValue uint32
const (
SFlowTypeSingleInterface SFlowSourceFormat = 0
SFlowTypePacketDiscarded SFlowSourceFormat = 1
SFlowTypeMultipleDestinations SFlowSourceFormat = 2
)
func (sdf SFlowSourceFormat) String() string {
switch sdf {
case SFlowTypeSingleInterface:
return "Single Interface"
case SFlowTypePacketDiscarded:
return "Packet Discarded"
case SFlowTypeMultipleDestinations:
return "Multiple Destinations"
default:
return "UNKNOWN"
}
}
func decodeSFlow(data []byte, p gopacket.PacketBuilder) error {
s := &SFlowDatagram{}
err := s.DecodeFromBytes(data, p)
if err != nil {
return err
}
p.AddLayer(s)
p.SetApplicationLayer(s)
return nil
}
// SFlowDatagram is the outermost container which holds some basic information
// about the reporting agent, and holds at least one sample record
type SFlowDatagram struct {
BaseLayer
DatagramVersion uint32
AgentAddress net.IP
SubAgentID uint32
SequenceNumber uint32
AgentUptime uint32
SampleCount uint32
FlowSamples []SFlowFlowSample
CounterSamples []SFlowCounterSample
}
// An SFlow datagram's outer container has the following
// structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sFlow version (2|4|5) |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int IP version of the Agent (1=v4|2=v6) |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Agent IP address (v4=4byte|v6=16byte) /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sub agent id |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int datagram sequence number |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int switch uptime in ms |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int n samples in datagram |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / n samples /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// SFlowDataFormat encodes the EnterpriseID in the most
// significant 12 bits, and the SampleType in the least significant
// 20 bits.
type SFlowDataFormat uint32
func (sdf SFlowDataFormat) decode() (SFlowEnterpriseID, SFlowSampleType) {
leftField := sdf >> 12
rightField := uint32(0xFFF) & uint32(sdf)
return SFlowEnterpriseID(leftField), SFlowSampleType(rightField)
}
// SFlowEnterpriseID is used to differentiate between the
// official SFlow standard, and other, vendor-specific
// types of flow data. (Similiar to SNMP's enterprise MIB
// OIDs) Only the office SFlow Enterprise ID is decoded
// here.
type SFlowEnterpriseID uint32
const (
SFlowStandard SFlowEnterpriseID = 0
)
func (eid SFlowEnterpriseID) String() string {
switch eid {
case SFlowStandard:
return "Standard SFlow"
default:
return ""
}
}
func (eid SFlowEnterpriseID) GetType() SFlowEnterpriseID {
return SFlowStandard
}
// SFlowSampleType specifies the type of sample. Only flow samples
// and counter samples are supported
type SFlowSampleType uint32
const (
SFlowTypeFlowSample SFlowSampleType = 1
SFlowTypeCounterSample SFlowSampleType = 2
SFlowTypeExpandedFlowSample SFlowSampleType = 3
SFlowTypeExpandedCounterSample SFlowSampleType = 4
)
func (st SFlowSampleType) GetType() SFlowSampleType {
switch st {
case SFlowTypeFlowSample:
return SFlowTypeFlowSample
case SFlowTypeCounterSample:
return SFlowTypeCounterSample
case SFlowTypeExpandedFlowSample:
return SFlowTypeExpandedFlowSample
case SFlowTypeExpandedCounterSample:
return SFlowTypeExpandedCounterSample
default:
panic("Invalid Sample Type")
}
}
func (st SFlowSampleType) String() string {
switch st {
case SFlowTypeFlowSample:
return "Flow Sample"
case SFlowTypeCounterSample:
return "Counter Sample"
case SFlowTypeExpandedFlowSample:
return "Expanded Flow Sample"
case SFlowTypeExpandedCounterSample:
return "Expanded Counter Sample"
default:
return ""
}
}
func (s *SFlowDatagram) LayerType() gopacket.LayerType { return LayerTypeSFlow }
func (d *SFlowDatagram) Payload() []byte { return nil }
func (d *SFlowDatagram) CanDecode() gopacket.LayerClass { return LayerTypeSFlow }
func (d *SFlowDatagram) NextLayerType() gopacket.LayerType { return gopacket.LayerTypePayload }
// SFlowIPType determines what form the IP address being decoded will
// take. This is an XDR union type allowing for both IPv4 and IPv6
type SFlowIPType uint32
const (
SFlowIPv4 SFlowIPType = 1
SFlowIPv6 SFlowIPType = 2
)
func (s SFlowIPType) String() string {
switch s {
case SFlowIPv4:
return "IPv4"
case SFlowIPv6:
return "IPv6"
default:
return ""
}
}
func (s SFlowIPType) Length() int {
switch s {
case SFlowIPv4:
return 4
case SFlowIPv6:
return 16
default:
return 0
}
}
func (s *SFlowDatagram) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
var agentAddressType SFlowIPType
data, s.DatagramVersion = data[4:], binary.BigEndian.Uint32(data[:4])
data, agentAddressType = data[4:], SFlowIPType(binary.BigEndian.Uint32(data[:4]))
data, s.AgentAddress = data[agentAddressType.Length():], data[:agentAddressType.Length()]
data, s.SubAgentID = data[4:], binary.BigEndian.Uint32(data[:4])
data, s.SequenceNumber = data[4:], binary.BigEndian.Uint32(data[:4])
data, s.AgentUptime = data[4:], binary.BigEndian.Uint32(data[:4])
data, s.SampleCount = data[4:], binary.BigEndian.Uint32(data[:4])
if s.SampleCount < 1 {
return fmt.Errorf("SFlow Datagram has invalid sample length: %d", s.SampleCount)
}
for i := uint32(0); i < s.SampleCount; i++ {
sdf := SFlowDataFormat(binary.BigEndian.Uint32(data[:4]))
_, sampleType := sdf.decode()
switch sampleType {
case SFlowTypeFlowSample:
if flowSample, err := decodeFlowSample(&data, false); err == nil {
s.FlowSamples = append(s.FlowSamples, flowSample)
} else {
return err
}
case SFlowTypeCounterSample:
if counterSample, err := decodeCounterSample(&data, false); err == nil {
s.CounterSamples = append(s.CounterSamples, counterSample)
} else {
return err
}
case SFlowTypeExpandedFlowSample:
if flowSample, err := decodeFlowSample(&data, true); err == nil {
s.FlowSamples = append(s.FlowSamples, flowSample)
} else {
return err
}
case SFlowTypeExpandedCounterSample:
if counterSample, err := decodeCounterSample(&data, true); err == nil {
s.CounterSamples = append(s.CounterSamples, counterSample)
} else {
return err
}
default:
return fmt.Errorf("Unsupported SFlow sample type %d", sampleType)
}
}
return nil
}
// SFlowFlowSample represents a sampled packet and contains
// one or more records describing the packet
type SFlowFlowSample struct {
EnterpriseID SFlowEnterpriseID
Format SFlowSampleType
SampleLength uint32
SequenceNumber uint32
SourceIDClass SFlowSourceFormat
SourceIDIndex SFlowSourceValue
SamplingRate uint32
SamplePool uint32
Dropped uint32
InputInterfaceFormat uint32
InputInterface uint32
OutputInterfaceFormat uint32
OutputInterface uint32
RecordCount uint32
Records []SFlowRecord
}
// Flow samples have the following structure. Note
// the bit fields to encode the Enterprise ID and the
// Flow record format: type 1
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | sample length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sample sequence number |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |id type | src id index value |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sampling rate |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sample pool |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int drops |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int input ifIndex |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int output ifIndex |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int number of records |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / flow records /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// Flow samples have the following structure.
// Flow record format: type 3
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | sample length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sample sequence number |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int src id type |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int src id index value |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sampling rate |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sample pool |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int drops |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int input interface format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int input interface value |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int output interface format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int output interface value |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int number of records |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / flow records /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowFlowDataFormat uint32
func (fdf SFlowFlowDataFormat) decode() (SFlowEnterpriseID, SFlowFlowRecordType) {
leftField := fdf >> 12
rightField := uint32(0xFFF) & uint32(fdf)
return SFlowEnterpriseID(leftField), SFlowFlowRecordType(rightField)
}
func (fs SFlowFlowSample) GetRecords() []SFlowRecord {
return fs.Records
}
func (fs SFlowFlowSample) GetType() SFlowSampleType {
return SFlowTypeFlowSample
}
func skipRecord(data *[]byte) {
recordLength := int(binary.BigEndian.Uint32((*data)[4:]))
*data = (*data)[(recordLength+((4-recordLength)%4))+8:]
}
func decodeFlowSample(data *[]byte, expanded bool) (SFlowFlowSample, error) {
s := SFlowFlowSample{}
var sdf SFlowDataFormat
*data, sdf = (*data)[4:], SFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
var sdc SFlowDataSource
s.EnterpriseID, s.Format = sdf.decode()
*data, s.SampleLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.SequenceNumber = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
if expanded {
*data, s.SourceIDClass = (*data)[4:], SFlowSourceFormat(binary.BigEndian.Uint32((*data)[:4]))
*data, s.SourceIDIndex = (*data)[4:], SFlowSourceValue(binary.BigEndian.Uint32((*data)[:4]))
} else {
*data, sdc = (*data)[4:], SFlowDataSource(binary.BigEndian.Uint32((*data)[:4]))
s.SourceIDClass, s.SourceIDIndex = sdc.decode()
}
*data, s.SamplingRate = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.SamplePool = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.Dropped = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
if expanded {
*data, s.InputInterfaceFormat = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.InputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.OutputInterfaceFormat = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.OutputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
} else {
*data, s.InputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.OutputInterface = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
}
*data, s.RecordCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
for i := uint32(0); i < s.RecordCount; i++ {
rdf := SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
_, flowRecordType := rdf.decode()
switch flowRecordType {
case SFlowTypeRawPacketFlow:
if record, err := decodeRawPacketFlowRecord(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedUserFlow:
if record, err := decodeExtendedUserFlow(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedUrlFlow:
if record, err := decodeExtendedURLRecord(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedSwitchFlow:
if record, err := decodeExtendedSwitchFlowRecord(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedRouterFlow:
if record, err := decodeExtendedRouterFlowRecord(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedGatewayFlow:
if record, err := decodeExtendedGatewayFlowRecord(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeEthernetFrameFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeEthernetFrameFlow")
case SFlowTypeIpv4Flow:
if record, err := decodeSFlowIpv4Record(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeIpv6Flow:
if record, err := decodeSFlowIpv6Record(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedMlpsFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedMlpsFlow")
case SFlowTypeExtendedNatFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedNatFlow")
case SFlowTypeExtendedMlpsTunnelFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedMlpsTunnelFlow")
case SFlowTypeExtendedMlpsVcFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedMlpsVcFlow")
case SFlowTypeExtendedMlpsFecFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedMlpsFecFlow")
case SFlowTypeExtendedMlpsLvpFecFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedMlpsLvpFecFlow")
case SFlowTypeExtendedVlanFlow:
// TODO
skipRecord(data)
return s, errors.New("skipping TypeExtendedVlanFlow")
case SFlowTypeExtendedIpv4TunnelEgressFlow:
if record, err := decodeExtendedIpv4TunnelEgress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedIpv4TunnelIngressFlow:
if record, err := decodeExtendedIpv4TunnelIngress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedIpv6TunnelEgressFlow:
if record, err := decodeExtendedIpv6TunnelEgress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedIpv6TunnelIngressFlow:
if record, err := decodeExtendedIpv6TunnelIngress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedDecapsulateEgressFlow:
if record, err := decodeExtendedDecapsulateEgress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedDecapsulateIngressFlow:
if record, err := decodeExtendedDecapsulateIngress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedVniEgressFlow:
if record, err := decodeExtendedVniEgress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeExtendedVniIngressFlow:
if record, err := decodeExtendedVniIngress(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
default:
return s, fmt.Errorf("Unsupported flow record type: %d", flowRecordType)
}
}
return s, nil
}
// Counter samples report information about various counter
// objects. Typically these are items like IfInOctets, or
// CPU / Memory stats, etc. SFlow will report these at regular
// intervals as configured on the agent. If one were sufficiently
// industrious, this could be used to replace the typical
// SNMP polling used for such things.
type SFlowCounterSample struct {
EnterpriseID SFlowEnterpriseID
Format SFlowSampleType
SampleLength uint32
SequenceNumber uint32
SourceIDClass SFlowSourceFormat
SourceIDIndex SFlowSourceValue
RecordCount uint32
Records []SFlowRecord
}
// Counter samples have the following structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int sample sequence number |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// |id type | src id index value |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | int number of records |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / counter records /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowCounterDataFormat uint32
func (cdf SFlowCounterDataFormat) decode() (SFlowEnterpriseID, SFlowCounterRecordType) {
leftField := cdf >> 12
rightField := uint32(0xFFF) & uint32(cdf)
return SFlowEnterpriseID(leftField), SFlowCounterRecordType(rightField)
}
// GetRecords will return a slice of interface types
// representing records. A type switch can be used to
// get at the underlying SFlowCounterRecordType.
func (cs SFlowCounterSample) GetRecords() []SFlowRecord {
return cs.Records
}
// GetType will report the type of sample. Only the
// compact form of counter samples is supported
func (cs SFlowCounterSample) GetType() SFlowSampleType {
return SFlowTypeCounterSample
}
type SFlowCounterRecordType uint32
const (
SFlowTypeGenericInterfaceCounters SFlowCounterRecordType = 1
SFlowTypeEthernetInterfaceCounters SFlowCounterRecordType = 2
SFlowTypeTokenRingInterfaceCounters SFlowCounterRecordType = 3
SFlowType100BaseVGInterfaceCounters SFlowCounterRecordType = 4
SFlowTypeVLANCounters SFlowCounterRecordType = 5
SFlowTypeProcessorCounters SFlowCounterRecordType = 1001
)
func (cr SFlowCounterRecordType) String() string {
switch cr {
case SFlowTypeGenericInterfaceCounters:
return "Generic Interface Counters"
case SFlowTypeEthernetInterfaceCounters:
return "Ethernet Interface Counters"
case SFlowTypeTokenRingInterfaceCounters:
return "Token Ring Interface Counters"
case SFlowType100BaseVGInterfaceCounters:
return "100BaseVG Interface Counters"
case SFlowTypeVLANCounters:
return "VLAN Counters"
case SFlowTypeProcessorCounters:
return "Processor Counters"
default:
return ""
}
}
func decodeCounterSample(data *[]byte, expanded bool) (SFlowCounterSample, error) {
s := SFlowCounterSample{}
var sdc SFlowDataSource
var sdce SFlowDataSourceExpanded
var sdf SFlowDataFormat
*data, sdf = (*data)[4:], SFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
s.EnterpriseID, s.Format = sdf.decode()
*data, s.SampleLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, s.SequenceNumber = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
if expanded {
*data, sdce = (*data)[8:], SFlowDataSourceExpanded{SFlowSourceFormat(binary.BigEndian.Uint32((*data)[:4])), SFlowSourceValue(binary.BigEndian.Uint32((*data)[4:8]))}
s.SourceIDClass, s.SourceIDIndex = sdce.decode()
} else {
*data, sdc = (*data)[4:], SFlowDataSource(binary.BigEndian.Uint32((*data)[:4]))
s.SourceIDClass, s.SourceIDIndex = sdc.decode()
}
*data, s.RecordCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
for i := uint32(0); i < s.RecordCount; i++ {
cdf := SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
_, counterRecordType := cdf.decode()
switch counterRecordType {
case SFlowTypeGenericInterfaceCounters:
if record, err := decodeGenericInterfaceCounters(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeEthernetInterfaceCounters:
if record, err := decodeEthernetCounters(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
case SFlowTypeTokenRingInterfaceCounters:
skipRecord(data)
return s, errors.New("skipping TypeTokenRingInterfaceCounters")
case SFlowType100BaseVGInterfaceCounters:
skipRecord(data)
return s, errors.New("skipping Type100BaseVGInterfaceCounters")
case SFlowTypeVLANCounters:
skipRecord(data)
return s, errors.New("skipping TypeVLANCounters")
case SFlowTypeProcessorCounters:
if record, err := decodeProcessorCounters(data); err == nil {
s.Records = append(s.Records, record)
} else {
return s, err
}
default:
return s, fmt.Errorf("Invalid counter record type: %d", counterRecordType)
}
}
return s, nil
}
// SFlowBaseFlowRecord holds the fields common to all records
// of type SFlowFlowRecordType
type SFlowBaseFlowRecord struct {
EnterpriseID SFlowEnterpriseID
Format SFlowFlowRecordType
FlowDataLength uint32
}
func (bfr SFlowBaseFlowRecord) GetType() SFlowFlowRecordType {
return bfr.Format
}
// SFlowFlowRecordType denotes what kind of Flow Record is
// represented. See RFC 3176
type SFlowFlowRecordType uint32
const (
SFlowTypeRawPacketFlow SFlowFlowRecordType = 1
SFlowTypeEthernetFrameFlow SFlowFlowRecordType = 2
SFlowTypeIpv4Flow SFlowFlowRecordType = 3
SFlowTypeIpv6Flow SFlowFlowRecordType = 4
SFlowTypeExtendedSwitchFlow SFlowFlowRecordType = 1001
SFlowTypeExtendedRouterFlow SFlowFlowRecordType = 1002
SFlowTypeExtendedGatewayFlow SFlowFlowRecordType = 1003
SFlowTypeExtendedUserFlow SFlowFlowRecordType = 1004
SFlowTypeExtendedUrlFlow SFlowFlowRecordType = 1005
SFlowTypeExtendedMlpsFlow SFlowFlowRecordType = 1006
SFlowTypeExtendedNatFlow SFlowFlowRecordType = 1007
SFlowTypeExtendedMlpsTunnelFlow SFlowFlowRecordType = 1008
SFlowTypeExtendedMlpsVcFlow SFlowFlowRecordType = 1009
SFlowTypeExtendedMlpsFecFlow SFlowFlowRecordType = 1010
SFlowTypeExtendedMlpsLvpFecFlow SFlowFlowRecordType = 1011
SFlowTypeExtendedVlanFlow SFlowFlowRecordType = 1012
SFlowTypeExtendedIpv4TunnelEgressFlow SFlowFlowRecordType = 1023
SFlowTypeExtendedIpv4TunnelIngressFlow SFlowFlowRecordType = 1024
SFlowTypeExtendedIpv6TunnelEgressFlow SFlowFlowRecordType = 1025
SFlowTypeExtendedIpv6TunnelIngressFlow SFlowFlowRecordType = 1026
SFlowTypeExtendedDecapsulateEgressFlow SFlowFlowRecordType = 1027
SFlowTypeExtendedDecapsulateIngressFlow SFlowFlowRecordType = 1028
SFlowTypeExtendedVniEgressFlow SFlowFlowRecordType = 1029
SFlowTypeExtendedVniIngressFlow SFlowFlowRecordType = 1030
)
func (rt SFlowFlowRecordType) String() string {
switch rt {
case SFlowTypeRawPacketFlow:
return "Raw Packet Flow Record"
case SFlowTypeEthernetFrameFlow:
return "Ethernet Frame Flow Record"
case SFlowTypeIpv4Flow:
return "IPv4 Flow Record"
case SFlowTypeIpv6Flow:
return "IPv6 Flow Record"
case SFlowTypeExtendedSwitchFlow:
return "Extended Switch Flow Record"
case SFlowTypeExtendedRouterFlow:
return "Extended Router Flow Record"
case SFlowTypeExtendedGatewayFlow:
return "Extended Gateway Flow Record"
case SFlowTypeExtendedUserFlow:
return "Extended User Flow Record"
case SFlowTypeExtendedUrlFlow:
return "Extended URL Flow Record"
case SFlowTypeExtendedMlpsFlow:
return "Extended MPLS Flow Record"
case SFlowTypeExtendedNatFlow:
return "Extended NAT Flow Record"
case SFlowTypeExtendedMlpsTunnelFlow:
return "Extended MPLS Tunnel Flow Record"
case SFlowTypeExtendedMlpsVcFlow:
return "Extended MPLS VC Flow Record"
case SFlowTypeExtendedMlpsFecFlow:
return "Extended MPLS FEC Flow Record"
case SFlowTypeExtendedMlpsLvpFecFlow:
return "Extended MPLS LVP FEC Flow Record"
case SFlowTypeExtendedVlanFlow:
return "Extended VLAN Flow Record"
case SFlowTypeExtendedIpv4TunnelEgressFlow:
return "Extended IPv4 Tunnel Egress Record"
case SFlowTypeExtendedIpv4TunnelIngressFlow:
return "Extended IPv4 Tunnel Ingress Record"
case SFlowTypeExtendedIpv6TunnelEgressFlow:
return "Extended IPv6 Tunnel Egress Record"
case SFlowTypeExtendedIpv6TunnelIngressFlow:
return "Extended IPv6 Tunnel Ingress Record"
case SFlowTypeExtendedDecapsulateEgressFlow:
return "Extended Decapsulate Egress Record"
case SFlowTypeExtendedDecapsulateIngressFlow:
return "Extended Decapsulate Ingress Record"
case SFlowTypeExtendedVniEgressFlow:
return "Extended VNI Ingress Record"
case SFlowTypeExtendedVniIngressFlow:
return "Extended VNI Ingress Record"
default:
return ""
}
}
// SFlowRawPacketFlowRecords hold information about a sampled
// packet grabbed as it transited the agent. This is
// perhaps the most useful and interesting record type,
// as it holds the headers of the sampled packet and
// can be used to build up a complete picture of the
// traffic patterns on a network.
//
// The raw packet header is sent back into gopacket for
// decoding, and the resulting gopackt.Packet is stored
// in the Header member
type SFlowRawPacketFlowRecord struct {
SFlowBaseFlowRecord
HeaderProtocol SFlowRawHeaderProtocol
FrameLength uint32
PayloadRemoved uint32
HeaderLength uint32
Header gopacket.Packet
}
// Raw packet record types have the following structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Header Protocol |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Frame Length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Payload Removed |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Header Length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// \ Header \
// \ \
// \ \
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowRawHeaderProtocol uint32
const (
SFlowProtoEthernet SFlowRawHeaderProtocol = 1
SFlowProtoISO88024 SFlowRawHeaderProtocol = 2
SFlowProtoISO88025 SFlowRawHeaderProtocol = 3
SFlowProtoFDDI SFlowRawHeaderProtocol = 4
SFlowProtoFrameRelay SFlowRawHeaderProtocol = 5
SFlowProtoX25 SFlowRawHeaderProtocol = 6
SFlowProtoPPP SFlowRawHeaderProtocol = 7
SFlowProtoSMDS SFlowRawHeaderProtocol = 8
SFlowProtoAAL5 SFlowRawHeaderProtocol = 9
SFlowProtoAAL5_IP SFlowRawHeaderProtocol = 10 /* e.g. Cisco AAL5 mux */
SFlowProtoIPv4 SFlowRawHeaderProtocol = 11
SFlowProtoIPv6 SFlowRawHeaderProtocol = 12
SFlowProtoMPLS SFlowRawHeaderProtocol = 13
SFlowProtoPOS SFlowRawHeaderProtocol = 14 /* RFC 1662, 2615 */
)
func (sfhp SFlowRawHeaderProtocol) String() string {
switch sfhp {
case SFlowProtoEthernet:
return "ETHERNET-ISO88023"
case SFlowProtoISO88024:
return "ISO88024-TOKENBUS"
case SFlowProtoISO88025:
return "ISO88025-TOKENRING"
case SFlowProtoFDDI:
return "FDDI"
case SFlowProtoFrameRelay:
return "FRAME-RELAY"
case SFlowProtoX25:
return "X25"
case SFlowProtoPPP:
return "PPP"
case SFlowProtoSMDS:
return "SMDS"
case SFlowProtoAAL5:
return "AAL5"
case SFlowProtoAAL5_IP:
return "AAL5-IP"
case SFlowProtoIPv4:
return "IPv4"
case SFlowProtoIPv6:
return "IPv6"
case SFlowProtoMPLS:
return "MPLS"
case SFlowProtoPOS:
return "POS"
}
return "UNKNOWN"
}
func decodeRawPacketFlowRecord(data *[]byte) (SFlowRawPacketFlowRecord, error) {
rec := SFlowRawPacketFlowRecord{}
header := []byte{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.HeaderProtocol = (*data)[4:], SFlowRawHeaderProtocol(binary.BigEndian.Uint32((*data)[:4]))
*data, rec.FrameLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.PayloadRemoved = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.HeaderLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
headerLenWithPadding := int(rec.HeaderLength + ((4 - rec.HeaderLength) % 4))
*data, header = (*data)[headerLenWithPadding:], (*data)[:headerLenWithPadding]
rec.Header = gopacket.NewPacket(header, LayerTypeEthernet, gopacket.Default)
return rec, nil
}
// SFlowExtendedSwitchFlowRecord give additional information
// about the sampled packet if it's available. It's mainly
// useful for getting at the incoming and outgoing VLANs
// An agent may or may not provide this information.
type SFlowExtendedSwitchFlowRecord struct {
SFlowBaseFlowRecord
IncomingVLAN uint32
IncomingVLANPriority uint32
OutgoingVLAN uint32
OutgoingVLANPriority uint32
}
// Extended switch records have the following structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Incoming VLAN |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Incoming VLAN Priority |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Outgoing VLAN |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Outgoing VLAN Priority |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func decodeExtendedSwitchFlowRecord(data *[]byte) (SFlowExtendedSwitchFlowRecord, error) {
es := SFlowExtendedSwitchFlowRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
es.EnterpriseID, es.Format = fdf.decode()
*data, es.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, es.IncomingVLAN = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, es.IncomingVLANPriority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, es.OutgoingVLAN = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, es.OutgoingVLANPriority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return es, nil
}
// SFlowExtendedRouterFlowRecord gives additional information
// about the layer 3 routing information used to forward
// the packet
type SFlowExtendedRouterFlowRecord struct {
SFlowBaseFlowRecord
NextHop net.IP
NextHopSourceMask uint32
NextHopDestinationMask uint32
}
// Extended router records have the following structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Next Hop |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Next Hop Source Mask |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Next Hop Destination Mask |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func decodeExtendedRouterFlowRecord(data *[]byte) (SFlowExtendedRouterFlowRecord, error) {
er := SFlowExtendedRouterFlowRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
er.EnterpriseID, er.Format = fdf.decode()
*data, er.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, er.NextHop = (*data)[4:], (*data)[:4]
*data, er.NextHopSourceMask = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, er.NextHopDestinationMask = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return er, nil
}
// SFlowExtendedGatewayFlowRecord describes information treasured by
// nework engineers everywhere: AS path information listing which
// BGP peer sent the packet, and various other BGP related info.
// This information is vital because it gives a picture of how much
// traffic is being sent from / received by various BGP peers.
// Extended gatway records have the following structure:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Next Hop |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | AS |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source AS |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Peer AS |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | AS Path Count |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / AS Path / Sequence /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Communities /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Local Pref |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// AS Path / Sequence:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | AS Source Type (Path=1 / Sequence=2) |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Path / Sequence length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Path / Sequence Members /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// Communities:
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | communitiy length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / communitiy Members /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedGatewayFlowRecord struct {
SFlowBaseFlowRecord
NextHop net.IP
AS uint32
SourceAS uint32
PeerAS uint32
ASPathCount uint32
ASPath []SFlowASDestination
Communities []uint32
LocalPref uint32
}
type SFlowASPathType uint32
const (
SFlowASSet SFlowASPathType = 1
SFlowASSequence SFlowASPathType = 2
)
func (apt SFlowASPathType) String() string {
switch apt {
case SFlowASSet:
return "AS Set"
case SFlowASSequence:
return "AS Sequence"
default:
return ""
}
}
type SFlowASDestination struct {
Type SFlowASPathType
Count uint32
Members []uint32
}
func (asd SFlowASDestination) String() string {
switch asd.Type {
case SFlowASSet:
return fmt.Sprint("AS Set:", asd.Members)
case SFlowASSequence:
return fmt.Sprint("AS Sequence:", asd.Members)
default:
return ""
}
}
func (ad *SFlowASDestination) decodePath(data *[]byte) {
*data, ad.Type = (*data)[4:], SFlowASPathType(binary.BigEndian.Uint32((*data)[:4]))
*data, ad.Count = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
ad.Members = make([]uint32, ad.Count)
for i := uint32(0); i < ad.Count; i++ {
var member uint32
*data, member = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
ad.Members[i] = member
}
}
func decodeExtendedGatewayFlowRecord(data *[]byte) (SFlowExtendedGatewayFlowRecord, error) {
eg := SFlowExtendedGatewayFlowRecord{}
var fdf SFlowFlowDataFormat
var extendedGatewayAddressType SFlowIPType
var communitiesLength uint32
var community uint32
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
eg.EnterpriseID, eg.Format = fdf.decode()
*data, eg.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, extendedGatewayAddressType = (*data)[4:], SFlowIPType(binary.BigEndian.Uint32((*data)[:4]))
*data, eg.NextHop = (*data)[extendedGatewayAddressType.Length():], (*data)[:extendedGatewayAddressType.Length()]
*data, eg.AS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, eg.SourceAS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, eg.PeerAS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, eg.ASPathCount = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
for i := uint32(0); i < eg.ASPathCount; i++ {
asPath := SFlowASDestination{}
asPath.decodePath(data)
eg.ASPath = append(eg.ASPath, asPath)
}
*data, communitiesLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
eg.Communities = make([]uint32, communitiesLength)
for j := uint32(0); j < communitiesLength; j++ {
*data, community = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
eg.Communities[j] = community
}
*data, eg.LocalPref = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return eg, nil
}
// **************************************************
// Extended URL Flow Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | direction |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | URL |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Host |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowURLDirection uint32
const (
SFlowURLsrc SFlowURLDirection = 1
SFlowURLdst SFlowURLDirection = 2
)
func (urld SFlowURLDirection) String() string {
switch urld {
case SFlowURLsrc:
return "Source address is the server"
case SFlowURLdst:
return "Destination address is the server"
default:
return ""
}
}
type SFlowExtendedURLRecord struct {
SFlowBaseFlowRecord
Direction SFlowURLDirection
URL string
Host string
}
func decodeExtendedURLRecord(data *[]byte) (SFlowExtendedURLRecord, error) {
eur := SFlowExtendedURLRecord{}
var fdf SFlowFlowDataFormat
var urlLen uint32
var urlLenWithPad int
var hostLen uint32
var hostLenWithPad int
var urlBytes []byte
var hostBytes []byte
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
eur.EnterpriseID, eur.Format = fdf.decode()
*data, eur.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, eur.Direction = (*data)[4:], SFlowURLDirection(binary.BigEndian.Uint32((*data)[:4]))
*data, urlLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
urlLenWithPad = int(urlLen + ((4 - urlLen) % 4))
*data, urlBytes = (*data)[urlLenWithPad:], (*data)[:urlLenWithPad]
eur.URL = string(urlBytes[:urlLen])
*data, hostLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
hostLenWithPad = int(hostLen + ((4 - hostLen) % 4))
*data, hostBytes = (*data)[hostLenWithPad:], (*data)[:hostLenWithPad]
eur.Host = string(hostBytes[:hostLen])
return eur, nil
}
// **************************************************
// Extended User Flow Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source Character Set |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source User Id |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destination Character Set |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destination User ID |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedUserFlow struct {
SFlowBaseFlowRecord
SourceCharSet SFlowCharSet
SourceUserID string
DestinationCharSet SFlowCharSet
DestinationUserID string
}
type SFlowCharSet uint32
const (
SFlowCSunknown SFlowCharSet = 2
SFlowCSASCII SFlowCharSet = 3
SFlowCSISOLatin1 SFlowCharSet = 4
SFlowCSISOLatin2 SFlowCharSet = 5
SFlowCSISOLatin3 SFlowCharSet = 6
SFlowCSISOLatin4 SFlowCharSet = 7
SFlowCSISOLatinCyrillic SFlowCharSet = 8
SFlowCSISOLatinArabic SFlowCharSet = 9
SFlowCSISOLatinGreek SFlowCharSet = 10
SFlowCSISOLatinHebrew SFlowCharSet = 11
SFlowCSISOLatin5 SFlowCharSet = 12
SFlowCSISOLatin6 SFlowCharSet = 13
SFlowCSISOTextComm SFlowCharSet = 14
SFlowCSHalfWidthKatakana SFlowCharSet = 15
SFlowCSJISEncoding SFlowCharSet = 16
SFlowCSShiftJIS SFlowCharSet = 17
SFlowCSEUCPkdFmtJapanese SFlowCharSet = 18
SFlowCSEUCFixWidJapanese SFlowCharSet = 19
SFlowCSISO4UnitedKingdom SFlowCharSet = 20
SFlowCSISO11SwedishForNames SFlowCharSet = 21
SFlowCSISO15Italian SFlowCharSet = 22
SFlowCSISO17Spanish SFlowCharSet = 23
SFlowCSISO21German SFlowCharSet = 24
SFlowCSISO60DanishNorwegian SFlowCharSet = 25
SFlowCSISO69French SFlowCharSet = 26
SFlowCSISO10646UTF1 SFlowCharSet = 27
SFlowCSISO646basic1983 SFlowCharSet = 28
SFlowCSINVARIANT SFlowCharSet = 29
SFlowCSISO2IntlRefVersion SFlowCharSet = 30
SFlowCSNATSSEFI SFlowCharSet = 31
SFlowCSNATSSEFIADD SFlowCharSet = 32
SFlowCSNATSDANO SFlowCharSet = 33
SFlowCSNATSDANOADD SFlowCharSet = 34
SFlowCSISO10Swedish SFlowCharSet = 35
SFlowCSKSC56011987 SFlowCharSet = 36
SFlowCSISO2022KR SFlowCharSet = 37
SFlowCSEUCKR SFlowCharSet = 38
SFlowCSISO2022JP SFlowCharSet = 39
SFlowCSISO2022JP2 SFlowCharSet = 40
SFlowCSISO13JISC6220jp SFlowCharSet = 41
SFlowCSISO14JISC6220ro SFlowCharSet = 42
SFlowCSISO16Portuguese SFlowCharSet = 43
SFlowCSISO18Greek7Old SFlowCharSet = 44
SFlowCSISO19LatinGreek SFlowCharSet = 45
SFlowCSISO25French SFlowCharSet = 46
SFlowCSISO27LatinGreek1 SFlowCharSet = 47
SFlowCSISO5427Cyrillic SFlowCharSet = 48
SFlowCSISO42JISC62261978 SFlowCharSet = 49
SFlowCSISO47BSViewdata SFlowCharSet = 50
SFlowCSISO49INIS SFlowCharSet = 51
SFlowCSISO50INIS8 SFlowCharSet = 52
SFlowCSISO51INISCyrillic SFlowCharSet = 53
SFlowCSISO54271981 SFlowCharSet = 54
SFlowCSISO5428Greek SFlowCharSet = 55
SFlowCSISO57GB1988 SFlowCharSet = 56
SFlowCSISO58GB231280 SFlowCharSet = 57
SFlowCSISO61Norwegian2 SFlowCharSet = 58
SFlowCSISO70VideotexSupp1 SFlowCharSet = 59
SFlowCSISO84Portuguese2 SFlowCharSet = 60
SFlowCSISO85Spanish2 SFlowCharSet = 61
SFlowCSISO86Hungarian SFlowCharSet = 62
SFlowCSISO87JISX0208 SFlowCharSet = 63
SFlowCSISO88Greek7 SFlowCharSet = 64
SFlowCSISO89ASMO449 SFlowCharSet = 65
SFlowCSISO90 SFlowCharSet = 66
SFlowCSISO91JISC62291984a SFlowCharSet = 67
SFlowCSISO92JISC62991984b SFlowCharSet = 68
SFlowCSISO93JIS62291984badd SFlowCharSet = 69
SFlowCSISO94JIS62291984hand SFlowCharSet = 70
SFlowCSISO95JIS62291984handadd SFlowCharSet = 71
SFlowCSISO96JISC62291984kana SFlowCharSet = 72
SFlowCSISO2033 SFlowCharSet = 73
SFlowCSISO99NAPLPS SFlowCharSet = 74
SFlowCSISO102T617bit SFlowCharSet = 75
SFlowCSISO103T618bit SFlowCharSet = 76
SFlowCSISO111ECMACyrillic SFlowCharSet = 77
SFlowCSa71 SFlowCharSet = 78
SFlowCSa72 SFlowCharSet = 79
SFlowCSISO123CSAZ24341985gr SFlowCharSet = 80
SFlowCSISO88596E SFlowCharSet = 81
SFlowCSISO88596I SFlowCharSet = 82
SFlowCSISO128T101G2 SFlowCharSet = 83
SFlowCSISO88598E SFlowCharSet = 84
SFlowCSISO88598I SFlowCharSet = 85
SFlowCSISO139CSN369103 SFlowCharSet = 86
SFlowCSISO141JUSIB1002 SFlowCharSet = 87
SFlowCSISO143IECP271 SFlowCharSet = 88
SFlowCSISO146Serbian SFlowCharSet = 89
SFlowCSISO147Macedonian SFlowCharSet = 90
SFlowCSISO150 SFlowCharSet = 91
SFlowCSISO151Cuba SFlowCharSet = 92
SFlowCSISO6937Add SFlowCharSet = 93
SFlowCSISO153GOST1976874 SFlowCharSet = 94
SFlowCSISO8859Supp SFlowCharSet = 95
SFlowCSISO10367Box SFlowCharSet = 96
SFlowCSISO158Lap SFlowCharSet = 97
SFlowCSISO159JISX02121990 SFlowCharSet = 98
SFlowCSISO646Danish SFlowCharSet = 99
SFlowCSUSDK SFlowCharSet = 100
SFlowCSDKUS SFlowCharSet = 101
SFlowCSKSC5636 SFlowCharSet = 102
SFlowCSUnicode11UTF7 SFlowCharSet = 103
SFlowCSISO2022CN SFlowCharSet = 104
SFlowCSISO2022CNEXT SFlowCharSet = 105
SFlowCSUTF8 SFlowCharSet = 106
SFlowCSISO885913 SFlowCharSet = 109
SFlowCSISO885914 SFlowCharSet = 110
SFlowCSISO885915 SFlowCharSet = 111
SFlowCSISO885916 SFlowCharSet = 112
SFlowCSGBK SFlowCharSet = 113
SFlowCSGB18030 SFlowCharSet = 114
SFlowCSOSDEBCDICDF0415 SFlowCharSet = 115
SFlowCSOSDEBCDICDF03IRV SFlowCharSet = 116
SFlowCSOSDEBCDICDF041 SFlowCharSet = 117
SFlowCSISO115481 SFlowCharSet = 118
SFlowCSKZ1048 SFlowCharSet = 119
SFlowCSUnicode SFlowCharSet = 1000
SFlowCSUCS4 SFlowCharSet = 1001
SFlowCSUnicodeASCII SFlowCharSet = 1002
SFlowCSUnicodeLatin1 SFlowCharSet = 1003
SFlowCSUnicodeJapanese SFlowCharSet = 1004
SFlowCSUnicodeIBM1261 SFlowCharSet = 1005
SFlowCSUnicodeIBM1268 SFlowCharSet = 1006
SFlowCSUnicodeIBM1276 SFlowCharSet = 1007
SFlowCSUnicodeIBM1264 SFlowCharSet = 1008
SFlowCSUnicodeIBM1265 SFlowCharSet = 1009
SFlowCSUnicode11 SFlowCharSet = 1010
SFlowCSSCSU SFlowCharSet = 1011
SFlowCSUTF7 SFlowCharSet = 1012
SFlowCSUTF16BE SFlowCharSet = 1013
SFlowCSUTF16LE SFlowCharSet = 1014
SFlowCSUTF16 SFlowCharSet = 1015
SFlowCSCESU8 SFlowCharSet = 1016
SFlowCSUTF32 SFlowCharSet = 1017
SFlowCSUTF32BE SFlowCharSet = 1018
SFlowCSUTF32LE SFlowCharSet = 1019
SFlowCSBOCU1 SFlowCharSet = 1020
SFlowCSWindows30Latin1 SFlowCharSet = 2000
SFlowCSWindows31Latin1 SFlowCharSet = 2001
SFlowCSWindows31Latin2 SFlowCharSet = 2002
SFlowCSWindows31Latin5 SFlowCharSet = 2003
SFlowCSHPRoman8 SFlowCharSet = 2004
SFlowCSAdobeStandardEncoding SFlowCharSet = 2005
SFlowCSVenturaUS SFlowCharSet = 2006
SFlowCSVenturaInternational SFlowCharSet = 2007
SFlowCSDECMCS SFlowCharSet = 2008
SFlowCSPC850Multilingual SFlowCharSet = 2009
SFlowCSPCp852 SFlowCharSet = 2010
SFlowCSPC8CodePage437 SFlowCharSet = 2011
SFlowCSPC8DanishNorwegian SFlowCharSet = 2012
SFlowCSPC862LatinHebrew SFlowCharSet = 2013
SFlowCSPC8Turkish SFlowCharSet = 2014
SFlowCSIBMSymbols SFlowCharSet = 2015
SFlowCSIBMThai SFlowCharSet = 2016
SFlowCSHPLegal SFlowCharSet = 2017
SFlowCSHPPiFont SFlowCharSet = 2018
SFlowCSHPMath8 SFlowCharSet = 2019
SFlowCSHPPSMath SFlowCharSet = 2020
SFlowCSHPDesktop SFlowCharSet = 2021
SFlowCSVenturaMath SFlowCharSet = 2022
SFlowCSMicrosoftPublishing SFlowCharSet = 2023
SFlowCSWindows31J SFlowCharSet = 2024
SFlowCSGB2312 SFlowCharSet = 2025
SFlowCSBig5 SFlowCharSet = 2026
SFlowCSMacintosh SFlowCharSet = 2027
SFlowCSIBM037 SFlowCharSet = 2028
SFlowCSIBM038 SFlowCharSet = 2029
SFlowCSIBM273 SFlowCharSet = 2030
SFlowCSIBM274 SFlowCharSet = 2031
SFlowCSIBM275 SFlowCharSet = 2032
SFlowCSIBM277 SFlowCharSet = 2033
SFlowCSIBM278 SFlowCharSet = 2034
SFlowCSIBM280 SFlowCharSet = 2035
SFlowCSIBM281 SFlowCharSet = 2036
SFlowCSIBM284 SFlowCharSet = 2037
SFlowCSIBM285 SFlowCharSet = 2038
SFlowCSIBM290 SFlowCharSet = 2039
SFlowCSIBM297 SFlowCharSet = 2040
SFlowCSIBM420 SFlowCharSet = 2041
SFlowCSIBM423 SFlowCharSet = 2042
SFlowCSIBM424 SFlowCharSet = 2043
SFlowCSIBM500 SFlowCharSet = 2044
SFlowCSIBM851 SFlowCharSet = 2045
SFlowCSIBM855 SFlowCharSet = 2046
SFlowCSIBM857 SFlowCharSet = 2047
SFlowCSIBM860 SFlowCharSet = 2048
SFlowCSIBM861 SFlowCharSet = 2049
SFlowCSIBM863 SFlowCharSet = 2050
SFlowCSIBM864 SFlowCharSet = 2051
SFlowCSIBM865 SFlowCharSet = 2052
SFlowCSIBM868 SFlowCharSet = 2053
SFlowCSIBM869 SFlowCharSet = 2054
SFlowCSIBM870 SFlowCharSet = 2055
SFlowCSIBM871 SFlowCharSet = 2056
SFlowCSIBM880 SFlowCharSet = 2057
SFlowCSIBM891 SFlowCharSet = 2058
SFlowCSIBM903 SFlowCharSet = 2059
SFlowCSIBBM904 SFlowCharSet = 2060
SFlowCSIBM905 SFlowCharSet = 2061
SFlowCSIBM918 SFlowCharSet = 2062
SFlowCSIBM1026 SFlowCharSet = 2063
SFlowCSIBMEBCDICATDE SFlowCharSet = 2064
SFlowCSEBCDICATDEA SFlowCharSet = 2065
SFlowCSEBCDICCAFR SFlowCharSet = 2066
SFlowCSEBCDICDKNO SFlowCharSet = 2067
SFlowCSEBCDICDKNOA SFlowCharSet = 2068
SFlowCSEBCDICFISE SFlowCharSet = 2069
SFlowCSEBCDICFISEA SFlowCharSet = 2070
SFlowCSEBCDICFR SFlowCharSet = 2071
SFlowCSEBCDICIT SFlowCharSet = 2072
SFlowCSEBCDICPT SFlowCharSet = 2073
SFlowCSEBCDICES SFlowCharSet = 2074
SFlowCSEBCDICESA SFlowCharSet = 2075
SFlowCSEBCDICESS SFlowCharSet = 2076
SFlowCSEBCDICUK SFlowCharSet = 2077
SFlowCSEBCDICUS SFlowCharSet = 2078
SFlowCSUnknown8BiT SFlowCharSet = 2079
SFlowCSMnemonic SFlowCharSet = 2080
SFlowCSMnem SFlowCharSet = 2081
SFlowCSVISCII SFlowCharSet = 2082
SFlowCSVIQR SFlowCharSet = 2083
SFlowCSKOI8R SFlowCharSet = 2084
SFlowCSHZGB2312 SFlowCharSet = 2085
SFlowCSIBM866 SFlowCharSet = 2086
SFlowCSPC775Baltic SFlowCharSet = 2087
SFlowCSKOI8U SFlowCharSet = 2088
SFlowCSIBM00858 SFlowCharSet = 2089
SFlowCSIBM00924 SFlowCharSet = 2090
SFlowCSIBM01140 SFlowCharSet = 2091
SFlowCSIBM01141 SFlowCharSet = 2092
SFlowCSIBM01142 SFlowCharSet = 2093
SFlowCSIBM01143 SFlowCharSet = 2094
SFlowCSIBM01144 SFlowCharSet = 2095
SFlowCSIBM01145 SFlowCharSet = 2096
SFlowCSIBM01146 SFlowCharSet = 2097
SFlowCSIBM01147 SFlowCharSet = 2098
SFlowCSIBM01148 SFlowCharSet = 2099
SFlowCSIBM01149 SFlowCharSet = 2100
SFlowCSBig5HKSCS SFlowCharSet = 2101
SFlowCSIBM1047 SFlowCharSet = 2102
SFlowCSPTCP154 SFlowCharSet = 2103
SFlowCSAmiga1251 SFlowCharSet = 2104
SFlowCSKOI7switched SFlowCharSet = 2105
SFlowCSBRF SFlowCharSet = 2106
SFlowCSTSCII SFlowCharSet = 2107
SFlowCSCP51932 SFlowCharSet = 2108
SFlowCSWindows874 SFlowCharSet = 2109
SFlowCSWindows1250 SFlowCharSet = 2250
SFlowCSWindows1251 SFlowCharSet = 2251
SFlowCSWindows1252 SFlowCharSet = 2252
SFlowCSWindows1253 SFlowCharSet = 2253
SFlowCSWindows1254 SFlowCharSet = 2254
SFlowCSWindows1255 SFlowCharSet = 2255
SFlowCSWindows1256 SFlowCharSet = 2256
SFlowCSWindows1257 SFlowCharSet = 2257
SFlowCSWindows1258 SFlowCharSet = 2258
SFlowCSTIS620 SFlowCharSet = 2259
SFlowCS50220 SFlowCharSet = 2260
SFlowCSreserved SFlowCharSet = 3000
)
func decodeExtendedUserFlow(data *[]byte) (SFlowExtendedUserFlow, error) {
eu := SFlowExtendedUserFlow{}
var fdf SFlowFlowDataFormat
var srcUserLen uint32
var srcUserLenWithPad int
var srcUserBytes []byte
var dstUserLen uint32
var dstUserLenWithPad int
var dstUserBytes []byte
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
eu.EnterpriseID, eu.Format = fdf.decode()
*data, eu.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, eu.SourceCharSet = (*data)[4:], SFlowCharSet(binary.BigEndian.Uint32((*data)[:4]))
*data, srcUserLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
srcUserLenWithPad = int(srcUserLen + ((4 - srcUserLen) % 4))
*data, srcUserBytes = (*data)[srcUserLenWithPad:], (*data)[:srcUserLenWithPad]
eu.SourceUserID = string(srcUserBytes[:srcUserLen])
*data, eu.DestinationCharSet = (*data)[4:], SFlowCharSet(binary.BigEndian.Uint32((*data)[:4]))
*data, dstUserLen = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
dstUserLenWithPad = int(dstUserLen + ((4 - dstUserLen) % 4))
*data, dstUserBytes = (*data)[dstUserLenWithPad:], (*data)[:dstUserLenWithPad]
eu.DestinationUserID = string(dstUserBytes[:dstUserLen])
return eu, nil
}
// **************************************************
// Packet IP version 4 Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Protocol |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source IPv4 |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destination IPv4 |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source Port |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destionation Port |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | TCP Flags |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | TOS |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowIpv4Record struct {
// The length of the IP packet excluding ower layer encapsulations
Length uint32
// IP Protocol type (for example, TCP = 6, UDP = 17)
Protocol uint32
// Source IP Address
IPSrc net.IP
// Destination IP Address
IPDst net.IP
// TCP/UDP source port number or equivalent
PortSrc uint32
// TCP/UDP destination port number or equivalent
PortDst uint32
// TCP flags
TCPFlags uint32
// IP type of service
TOS uint32
}
func decodeSFlowIpv4Record(data *[]byte) (SFlowIpv4Record, error) {
si := SFlowIpv4Record{}
*data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.IPSrc = (*data)[4:], net.IP((*data)[:4])
*data, si.IPDst = (*data)[4:], net.IP((*data)[:4])
*data, si.PortSrc = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.PortDst = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.TCPFlags = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.TOS = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return si, nil
}
// **************************************************
// Packet IP version 6 Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Protocol |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source IPv4 |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destination IPv4 |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Source Port |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Destionation Port |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | TCP Flags |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Priority |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowIpv6Record struct {
// The length of the IP packet excluding ower layer encapsulations
Length uint32
// IP Protocol type (for example, TCP = 6, UDP = 17)
Protocol uint32
// Source IP Address
IPSrc net.IP
// Destination IP Address
IPDst net.IP
// TCP/UDP source port number or equivalent
PortSrc uint32
// TCP/UDP destination port number or equivalent
PortDst uint32
// TCP flags
TCPFlags uint32
// IP priority
Priority uint32
}
func decodeSFlowIpv6Record(data *[]byte) (SFlowIpv6Record, error) {
si := SFlowIpv6Record{}
*data, si.Length = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.Protocol = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.IPSrc = (*data)[16:], net.IP((*data)[:16])
*data, si.IPDst = (*data)[16:], net.IP((*data)[:16])
*data, si.PortSrc = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.PortDst = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.TCPFlags = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, si.Priority = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return si, nil
}
// **************************************************
// Extended IPv4 Tunnel Egress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Packet IP version 4 Record /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv4TunnelEgressRecord struct {
SFlowBaseFlowRecord
SFlowIpv4Record SFlowIpv4Record
}
func decodeExtendedIpv4TunnelEgress(data *[]byte) (SFlowExtendedIpv4TunnelEgressRecord, error) {
rec := SFlowExtendedIpv4TunnelEgressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
rec.SFlowIpv4Record, _ = decodeSFlowIpv4Record(data)
return rec, nil
}
// **************************************************
// Extended IPv4 Tunnel Ingress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Packet IP version 4 Record /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv4TunnelIngressRecord struct {
SFlowBaseFlowRecord
SFlowIpv4Record SFlowIpv4Record
}
func decodeExtendedIpv4TunnelIngress(data *[]byte) (SFlowExtendedIpv4TunnelIngressRecord, error) {
rec := SFlowExtendedIpv4TunnelIngressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
rec.SFlowIpv4Record, _ = decodeSFlowIpv4Record(data)
return rec, nil
}
// **************************************************
// Extended IPv6 Tunnel Egress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Packet IP version 6 Record /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv6TunnelEgressRecord struct {
SFlowBaseFlowRecord
SFlowIpv6Record
}
func decodeExtendedIpv6TunnelEgress(data *[]byte) (SFlowExtendedIpv6TunnelEgressRecord, error) {
rec := SFlowExtendedIpv6TunnelEgressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
rec.SFlowIpv6Record, _ = decodeSFlowIpv6Record(data)
return rec, nil
}
// **************************************************
// Extended IPv6 Tunnel Ingress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / Packet IP version 6 Record /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedIpv6TunnelIngressRecord struct {
SFlowBaseFlowRecord
SFlowIpv6Record
}
func decodeExtendedIpv6TunnelIngress(data *[]byte) (SFlowExtendedIpv6TunnelIngressRecord, error) {
rec := SFlowExtendedIpv6TunnelIngressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
rec.SFlowIpv6Record, _ = decodeSFlowIpv6Record(data)
return rec, nil
}
// **************************************************
// Extended Decapsulate Egress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Inner Header Offset |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedDecapsulateEgressRecord struct {
SFlowBaseFlowRecord
InnerHeaderOffset uint32
}
func decodeExtendedDecapsulateEgress(data *[]byte) (SFlowExtendedDecapsulateEgressRecord, error) {
rec := SFlowExtendedDecapsulateEgressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.InnerHeaderOffset = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return rec, nil
}
// **************************************************
// Extended Decapsulate Ingress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | Inner Header Offset |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedDecapsulateIngressRecord struct {
SFlowBaseFlowRecord
InnerHeaderOffset uint32
}
func decodeExtendedDecapsulateIngress(data *[]byte) (SFlowExtendedDecapsulateIngressRecord, error) {
rec := SFlowExtendedDecapsulateIngressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.InnerHeaderOffset = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return rec, nil
}
// **************************************************
// Extended VNI Egress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | VNI |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedVniEgressRecord struct {
SFlowBaseFlowRecord
VNI uint32
}
func decodeExtendedVniEgress(data *[]byte) (SFlowExtendedVniEgressRecord, error) {
rec := SFlowExtendedVniEgressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.VNI = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return rec, nil
}
// **************************************************
// Extended VNI Ingress
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | record length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | VNI |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowExtendedVniIngressRecord struct {
SFlowBaseFlowRecord
VNI uint32
}
func decodeExtendedVniIngress(data *[]byte) (SFlowExtendedVniIngressRecord, error) {
rec := SFlowExtendedVniIngressRecord{}
var fdf SFlowFlowDataFormat
*data, fdf = (*data)[4:], SFlowFlowDataFormat(binary.BigEndian.Uint32((*data)[:4]))
rec.EnterpriseID, rec.Format = fdf.decode()
*data, rec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, rec.VNI = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return rec, nil
}
// **************************************************
// Counter Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | counter length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / counter data /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowBaseCounterRecord struct {
EnterpriseID SFlowEnterpriseID
Format SFlowCounterRecordType
FlowDataLength uint32
}
func (bcr SFlowBaseCounterRecord) GetType() SFlowCounterRecordType {
switch bcr.Format {
case SFlowTypeGenericInterfaceCounters:
return SFlowTypeGenericInterfaceCounters
case SFlowTypeEthernetInterfaceCounters:
return SFlowTypeEthernetInterfaceCounters
case SFlowTypeTokenRingInterfaceCounters:
return SFlowTypeTokenRingInterfaceCounters
case SFlowType100BaseVGInterfaceCounters:
return SFlowType100BaseVGInterfaceCounters
case SFlowTypeVLANCounters:
return SFlowTypeVLANCounters
case SFlowTypeProcessorCounters:
return SFlowTypeProcessorCounters
}
unrecognized := fmt.Sprint("Unrecognized counter record type:", bcr.Format)
panic(unrecognized)
}
// **************************************************
// Counter Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | counter length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfIndex |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfType |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfSpeed |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfDirection |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfStatus |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IFInOctets |
// | |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfInUcastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfInMulticastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfInBroadcastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfInDiscards |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | InInErrors |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfInUnknownProtos |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOutOctets |
// | |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOutUcastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOutMulticastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOutBroadcastPkts |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOutDiscards |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfOUtErrors |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | IfPromiscouousMode |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowGenericInterfaceCounters struct {
SFlowBaseCounterRecord
IfIndex uint32
IfType uint32
IfSpeed uint64
IfDirection uint32
IfStatus uint32
IfInOctets uint64
IfInUcastPkts uint32
IfInMulticastPkts uint32
IfInBroadcastPkts uint32
IfInDiscards uint32
IfInErrors uint32
IfInUnknownProtos uint32
IfOutOctets uint64
IfOutUcastPkts uint32
IfOutMulticastPkts uint32
IfOutBroadcastPkts uint32
IfOutDiscards uint32
IfOutErrors uint32
IfPromiscuousMode uint32
}
func decodeGenericInterfaceCounters(data *[]byte) (SFlowGenericInterfaceCounters, error) {
gic := SFlowGenericInterfaceCounters{}
var cdf SFlowCounterDataFormat
*data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
gic.EnterpriseID, gic.Format = cdf.decode()
*data, gic.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfIndex = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfType = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfSpeed = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
*data, gic.IfDirection = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfStatus = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInOctets = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
*data, gic.IfInUcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInMulticastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInBroadcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInDiscards = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfInUnknownProtos = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfOutOctets = (*data)[8:], binary.BigEndian.Uint64((*data)[:8])
*data, gic.IfOutUcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfOutMulticastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfOutBroadcastPkts = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfOutDiscards = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfOutErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, gic.IfPromiscuousMode = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return gic, nil
}
// **************************************************
// Counter Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | counter length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// / counter data /
// / /
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowEthernetCounters struct {
SFlowBaseCounterRecord
AlignmentErrors uint32
FCSErrors uint32
SingleCollisionFrames uint32
MultipleCollisionFrames uint32
SQETestErrors uint32
DeferredTransmissions uint32
LateCollisions uint32
ExcessiveCollisions uint32
InternalMacTransmitErrors uint32
CarrierSenseErrors uint32
FrameTooLongs uint32
InternalMacReceiveErrors uint32
SymbolErrors uint32
}
func decodeEthernetCounters(data *[]byte) (SFlowEthernetCounters, error) {
ec := SFlowEthernetCounters{}
var cdf SFlowCounterDataFormat
*data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
ec.EnterpriseID, ec.Format = cdf.decode()
*data, ec.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.AlignmentErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.FCSErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.SingleCollisionFrames = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.MultipleCollisionFrames = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.SQETestErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.DeferredTransmissions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.LateCollisions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.ExcessiveCollisions = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.InternalMacTransmitErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.CarrierSenseErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.FrameTooLongs = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.InternalMacReceiveErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, ec.SymbolErrors = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
return ec, nil
}
// **************************************************
// Processor Counter Record
// **************************************************
// 0 15 31
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | 20 bit Interprise (0) |12 bit format |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | counter length |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | FiveSecCpu |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | OneMinCpu |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | GiveMinCpu |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | TotalMemory |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
// | FreeMemory |
// +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
type SFlowProcessorCounters struct {
SFlowBaseCounterRecord
FiveSecCpu uint32 // 5 second average CPU utilization
OneMinCpu uint32 // 1 minute average CPU utilization
FiveMinCpu uint32 // 5 minute average CPU utilization
TotalMemory uint64 // total memory (in bytes)
FreeMemory uint64 // free memory (in bytes)
}
func decodeProcessorCounters(data *[]byte) (SFlowProcessorCounters, error) {
pc := SFlowProcessorCounters{}
var cdf SFlowCounterDataFormat
var high32, low32 uint32
*data, cdf = (*data)[4:], SFlowCounterDataFormat(binary.BigEndian.Uint32((*data)[:4]))
pc.EnterpriseID, pc.Format = cdf.decode()
*data, pc.FlowDataLength = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, pc.FiveSecCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, pc.OneMinCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, pc.FiveMinCpu = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, high32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, low32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
pc.TotalMemory = (uint64(high32) << 32) + uint64(low32)
*data, high32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
*data, low32 = (*data)[4:], binary.BigEndian.Uint32((*data)[:4])
pc.FreeMemory = (uint64(high32)) + uint64(low32)
return pc, nil
}