Skip to main content

NetflowParserBuilder

netflow_parser

Struct NetflowParserBuilder 

Source 
pub struct NetflowParserBuilder { /* private fields */ }
Expand description

Builder for configuring and constructing a NetflowParser.

§Examples

use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::ttl::TtlConfig;
use std::collections::HashSet;
use std::time::Duration;

let parser = NetflowParser::builder()
    .with_cache_size(2000)
    .with_ttl(TtlConfig::new(Duration::from_secs(7200)))
    .with_allowed_versions([5, 9, 10].into())
    .with_max_error_sample_size(512)
    .build()
    .expect("Failed to build parser");

Implementations§

Source§

impl NetflowParserBuilder

Source

pub fn with_cache_size(self, size: usize) -> Self

Sets the template cache size for both V9 and IPFIX parsers.

§Arguments
  • size - Maximum number of templates to cache (must be > 0)
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::builder()
    .with_cache_size(2000)
    .build()
    .expect("Failed to build parser");
Source

pub fn with_v9_cache_size(self, size: usize) -> Self

Sets the V9 parser template cache size independently.

§Arguments
  • size - Maximum number of templates to cache (must be > 0)
Source

pub fn with_ipfix_cache_size(self, size: usize) -> Self

Sets the IPFIX parser template cache size independently.

  • size - Maximum number of templates to cache (must be > 0)
Source

pub fn with_max_field_count(self, count: usize) -> Self

Sets the maximum field count for both V9 and IPFIX parsers.

This limits the number of fields allowed in a single template to prevent DoS attacks.

§Arguments
  • count - Maximum number of fields per template (default: 10,000)
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::builder()
    .with_max_field_count(5000)  // More restrictive limit
    .build()
    .expect("Failed to build parser");
Source

pub fn with_v9_max_field_count(self, count: usize) -> Self

Sets the V9 parser maximum field count independently.

§Arguments
  • count - Maximum number of fields per template
Source

pub fn with_ipfix_max_field_count(self, count: usize) -> Self

Sets the IPFIX parser maximum field count independently.

§Arguments
  • count - Maximum number of fields per template
Source

pub fn with_ttl(self, ttl: TtlConfig) -> Self

Sets the TTL configuration for both V9 and IPFIX parsers.

§Arguments
  • ttl - TTL configuration (time-based)
§Examples
use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::ttl::TtlConfig;
use std::time::Duration;

let parser = NetflowParser::builder()
    .with_ttl(TtlConfig::new(Duration::from_secs(7200)))
    .build()
    .expect("Failed to build parser");
Source

pub fn with_v9_ttl(self, ttl: TtlConfig) -> Self

Sets the TTL configuration for V9 parser independently.

Source

pub fn with_ipfix_ttl(self, ttl: TtlConfig) -> Self

Sets the TTL configuration for IPFIX parser independently.

Source

pub fn with_allowed_versions(self, versions: HashSet<u16>) -> Self

Sets which Netflow versions are allowed to be parsed.

§Arguments
  • versions - Set of allowed version numbers (5, 7, 9, 10)
§Examples
use netflow_parser::NetflowParser;

// Only parse V9 and IPFIX
let parser = NetflowParser::builder()
    .with_allowed_versions([9, 10].into())
    .build()
    .expect("Failed to build parser");
Source

pub fn with_max_error_sample_size(self, size: usize) -> Self

Sets the maximum error sample size for error reporting.

§Arguments
  • size - Maximum bytes to include in error messages
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::builder()
    .with_max_error_sample_size(512)
    .build()
    .expect("Failed to build parser");
Source

pub fn register_enterprise_field(self, def: EnterpriseFieldDef) -> Self

Registers a custom enterprise field definition for both V9 and IPFIX parsers.

This allows library users to define their own enterprise-specific fields without modifying the library source code. Registered fields will be parsed according to their specified data type instead of falling back to raw bytes.

§Arguments
  • def - Enterprise field definition containing enterprise number, field number, name, and data type
§Examples
use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::enterprise_registry::EnterpriseFieldDef;
use netflow_parser::variable_versions::data_number::FieldDataType;

let parser = NetflowParser::builder()
    .register_enterprise_field(EnterpriseFieldDef::new(
        12345,  // Enterprise number
        1,      // Field number
        "customMetric",
        FieldDataType::UnsignedDataNumber,
    ))
    .register_enterprise_field(EnterpriseFieldDef::new(
        12345,
        2,
        "customApplicationName",
        FieldDataType::String,
    ))
    .build()
    .expect("Failed to build parser");
Source

pub fn register_enterprise_fields( self, defs: impl IntoIterator<Item = EnterpriseFieldDef>, ) -> Self

Registers multiple custom enterprise field definitions at once.

§Arguments
  • defs - Iterator of enterprise field definitions
§Examples
use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::enterprise_registry::EnterpriseFieldDef;
use netflow_parser::variable_versions::data_number::FieldDataType;

let fields = vec![
    EnterpriseFieldDef::new(12345, 1, "field1", FieldDataType::UnsignedDataNumber),
    EnterpriseFieldDef::new(12345, 2, "field2", FieldDataType::String),
    EnterpriseFieldDef::new(12345, 3, "field3", FieldDataType::Ip4Addr),
];

let parser = NetflowParser::builder()
    .register_enterprise_fields(fields)
    .build()
    .expect("Failed to build parser");
Source

pub fn with_pending_flows(self, config: PendingFlowsConfig) -> Self

Enables pending flow caching for both V9 and IPFIX parsers.

When enabled, flows that arrive before their template are cached. When the template later arrives, cached flows are automatically re-parsed and included in the output.

§Arguments
  • config - Pending flows configuration (cache size and optional TTL)
§Examples
use netflow_parser::{NetflowParser, PendingFlowsConfig};

let parser = NetflowParser::builder()
    .with_pending_flows(PendingFlowsConfig::default())
    .build()
    .expect("Failed to build parser");
Source

pub fn with_v9_pending_flows(self, config: PendingFlowsConfig) -> Self

Enables pending flow caching for the V9 parser only.

Source

pub fn with_ipfix_pending_flows(self, config: PendingFlowsConfig) -> Self

Enables pending flow caching for the IPFIX parser only.

Source

pub fn single_source(self) -> Self

Hint for single-source deployments (documentation only).

This method exists for clarity and returns self unchanged. Use when parsing from a single router or source.

§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::builder()
    .single_source()  // Documents intent
    .with_cache_size(1000)
    .build()
    .expect("Failed to build parser");
Source

pub fn multi_source(self) -> AutoScopedParser

Creates an AutoScopedParser for multi-source deployments.

Recommended for parsing NetFlow from multiple routers. Each source gets an isolated template cache, preventing template ID collisions.

§Examples
use netflow_parser::NetflowParser;
use std::net::SocketAddr;

// Multi-source deployment
let mut parser = NetflowParser::builder()
    .with_cache_size(2000)
    .multi_source();

let source: SocketAddr = "192.168.1.1:2055".parse().unwrap();
let data = [0u8; 72]; // Example data
let packets = parser.parse_from_source(source, &data);

Equivalent to:

use netflow_parser::{NetflowParser, AutoScopedParser};

let builder = NetflowParser::builder().with_cache_size(2000);
let _parser = AutoScopedParser::with_builder(builder);
Source

pub fn on_template_event<F>(self, hook: F) -> Self
where F: Fn(&TemplateEvent) + Send + Sync + 'static,

Builds the configured NetflowParser.

§Errors

Returns an error if:

  • Template cache size is 0
  • Parser initialization fails
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::builder()
    .with_cache_size(2000)
    .build()
    .expect("Failed to build parser");

Registers a callback for template lifecycle events.

This allows you to monitor template operations in real-time, including:

  • Template learning (new templates added to cache)
  • Template collisions (template ID reused)
  • Template evictions (LRU policy removed template)
  • Template expirations (TTL-based removal)
  • Missing templates (data packet for unknown template)
§Arguments
  • hook - A closure that will be called for each template event
§Examples
use netflow_parser::{NetflowParser, TemplateEvent, TemplateProtocol};

let parser = NetflowParser::builder()
    .on_template_event(|event| {
        match event {
            TemplateEvent::Learned { template_id, protocol } => {
                println!("Learned template {}", template_id);
            }
            TemplateEvent::Collision { template_id, protocol } => {
                eprintln!("⚠️  Template collision: {}", template_id);
            }
            _ => {}
        }
    })
    .build()
    .unwrap();
Source

pub fn build(self) -> Result<NetflowParser, String>

Builds the NetflowParser with the configured settings.

Returns an error if the parser configuration is invalid.

Trait Implementations§

Source§

impl Clone for NetflowParserBuilder

Source§

fn clone(&self) -> NetflowParserBuilder

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for NetflowParserBuilder

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for NetflowParserBuilder

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.