This repository has been archived by the owner on Feb 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathflow-messages-enriched.proto
139 lines (112 loc) · 3.55 KB
/
flow-messages-enriched.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
syntax = "proto3";
package flowmessageenriched;
option java_package = "bwnetflow";
option java_outer_classname = "FlowMessageEnrichedPb";
option go_package = "github.com/bwNetFlow/protobuf/go;flowmessageenriched";
message FlowMessage {
enum FlowType {
FLOWUNKNOWN = 0;
SFLOW_5 = 1;
NETFLOW_V5 = 2;
NETFLOW_V9 = 3;
IPFIX = 4;
}
FlowType Type = 1;
uint64 TimeReceived = 2;
uint32 SequenceNum = 4;
uint64 SamplingRate = 3;
uint32 FlowDirection = 42;
// Sampler information
bytes SamplerAddress = 11;
// Found inside packet
uint64 TimeFlowStart = 38;
uint64 TimeFlowEnd = 5;
// Size of the sampled packet
uint64 Bytes = 9;
uint64 Packets = 10;
// Source/destination addresses
bytes SrcAddr = 6;
bytes DstAddr = 7;
// Layer 3 protocol (IPv4/IPv6/ARP/MPLS...)
uint32 Etype = 30;
// Layer 4 protocol
uint32 Proto = 20;
// Ports for UDP and TCP
uint32 SrcPort = 21;
uint32 DstPort = 22;
// Interfaces
uint32 InIf = 18;
uint32 OutIf = 19;
// Ethernet information
uint64 SrcMac = 27;
uint64 DstMac = 28;
// Vlan
uint32 SrcVlan = 33;
uint32 DstVlan = 34;
// 802.1q VLAN in sampled packet
uint32 VlanId = 29;
// VRF
uint32 IngressVrfID = 39;
uint32 EgressVrfID = 40;
// IP and TCP special flags
uint32 IPTos = 23;
uint32 ForwardingStatus = 24;
uint32 IPTTL = 25;
uint32 TCPFlags = 26;
uint32 IcmpType = 31;
uint32 IcmpCode = 32;
uint32 IPv6FlowLabel = 37;
// Fragments (IPv4/IPv6)
uint32 FragmentId = 35;
uint32 FragmentOffset = 36;
uint32 BiFlowDirection = 41;
// Autonomous system information
uint32 SrcAS = 14;
uint32 DstAS = 15;
bytes NextHop = 12;
uint32 NextHopAS = 13;
// Prefix size
uint32 SrcNet = 16;
uint32 DstNet = 17;
// MPLS information
bool HasMPLS = 53;
uint32 MPLSCount = 54;
uint32 MPLS1TTL = 55; // First TTL
uint32 MPLS1Label = 56; // First Label
uint32 MPLS2TTL = 57; // Second TTL
uint32 MPLS2Label = 58; // Second Label
uint32 MPLS3TTL = 59; // Third TTL
uint32 MPLS3Label = 60; // Third Label
uint32 MPLSLastTTL = 61; // Last TTL
uint32 MPLSLastLabel = 62; // Last Label
// Custom fields: start after ID 1000:
// uint32 MyCustomField = 1000;
// bwNetFlow enricher fields
uint32 Cid = 1000; // Customer ID - numerical ID, usually assigned by prefix, used in cases where any flow is directly mappable to a single customer
string CidString = 1001; // deprecated
uint32 SrcCid = 1012; // Src Customer ID - numerical ID, usually assigned by prefix
uint32 DstCid = 1013; // Dst Customer ID - numerical ID, usually assigned by prefix
enum NormalizedType {
No = 0;
Yes = 1;
}
NormalizedType Normalized = 1002; // Normalization - whether the sampling rate is accounted for
// Fields for Interface Usability -- enriched using SNMP
string SrcIfName = 1003; // set to the name, unset by default
string SrcIfDesc = 1004; // set to the descrition, filtered by a regex in the enricher
uint32 SrcIfSpeed = 1005; // iface speed
string DstIfName = 1006;
string DstIfDesc = 1007;
uint32 DstIfSpeed = 1008;
string ProtoName = 1009; // Protocol Name -- set for some well known protocols, based on Proto
string RemoteCountry = 1010; // Geolocation -- set using the provided database
string SrcCountry = 1014; // Src Geolocation
string DstCountry = 1015; // Dst Geolocation
enum RemoteAddrType {
Neither = 0;
Src = 1;
Dst = 2;
}
RemoteAddrType RemoteAddr = 1011; // RemoteAddr - which Addr field contains the remote/local address
string Note = 1016; // free-form field to implement anything
}