NetflowParser

Struct NetflowParser 

/// Main parser for Netflow packets supporting V5, V7, V9, and IPFIX.
///
/// Construct with `NetflowParser::builder()` or `NetflowParser::default()`.
// NOTE(review): every field is `pub`, so a caller can change it after `build()`;
// any validation the builder performs would not be re-applied — confirm whether
// that matters for `allowed_versions` and `max_error_sample_size`.
pub struct NetflowParser {
    /// Parser for NetFlow V9.
    // NOTE(review): presumably holds the V9 template cache reported by
    // `v9_cache_stats()` — confirm.
    pub v9_parser: V9Parser,
    /// Parser for IPFIX.
    // NOTE(review): presumably holds the IPFIX template cache reported by
    // `ipfix_cache_stats()` — confirm.
    pub ipfix_parser: IPFixParser,
    /// Set of Netflow version numbers.
    // NOTE(review): presumably the versions this parser accepts; how a packet
    // with any other version is reported is not shown here — confirm.
    pub allowed_versions: HashSet<u16>,
    /// Maximum number of bytes to include in error samples to prevent memory
    /// exhaustion. Defaults to 256 bytes.
    pub max_error_sample_size: usize,
}

Main parser for Netflow packets supporting V5, V7, V9, and IPFIX.

Use NetflowParser::builder() for ergonomic configuration with the builder pattern, or NetflowParser::default() for quick setup with defaults.

§Examples

use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::ttl::TtlConfig;
use std::time::Duration;

// Using builder pattern (recommended)
let parser = NetflowParser::builder()
    // NOTE(review): presumably the capacity of the template cache (reported as
    // `max_size` by the cache-stats methods) — confirm against the builder docs.
    .with_cache_size(2000)
    // 7200 seconds = 2 hours.
    // NOTE(review): presumably the lifetime of a cached template — confirm.
    .with_ttl(TtlConfig::new(Duration::from_secs(7200)))
    // build() is fallible; this example panics if the configuration is rejected.
    .build()
    .expect("Failed to build parser");

// Using default
let parser = NetflowParser::default();

Fields§

§v9_parser: V9Parser

§ipfix_parser: IPFixParser

§allowed_versions: HashSet<u16>

§max_error_sample_size: usize

Maximum number of bytes to include in error samples to prevent memory exhaustion. Defaults to 256 bytes.

Implementations§


impl NetflowParser


pub fn builder() -> NetflowParserBuilder

Creates a new builder for configuring a NetflowParser.

§Examples
use netflow_parser::NetflowParser;
use netflow_parser::variable_versions::ttl::TtlConfig;
use std::time::Duration;

let parser = NetflowParser::builder()
    .with_cache_size(2000)
    .with_ttl(TtlConfig::new(Duration::from_secs(7200)))
    .build()
    .expect("Failed to build parser");

pub fn v9_cache_stats(&self) -> CacheStats

Gets statistics about the V9 template cache.

§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
// Snapshot of the V9 template cache; takes `&self`, so the parser is not modified.
let stats = parser.v9_cache_stats();
// current_size against max_size shows how full the template cache is.
// NOTE(review): a cache that sits at max_size is presumably evicting templates
// (the has_*_template docs mention LRU ordering) — worth monitoring if exporters
// are not expected to send that many templates; confirm eviction behaviour.
println!("V9 cache: {}/{} templates", stats.current_size, stats.max_size);

pub fn ipfix_cache_stats(&self) -> CacheStats

Gets statistics about the IPFIX template cache.

§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
let stats = parser.ipfix_cache_stats();
println!("IPFIX cache: {}/{} templates", stats.current_size, stats.max_size);

pub fn v9_template_ids(&self) -> Vec<u16>

Lists all cached V9 template IDs.

Note: This returns template IDs from both regular and options templates.

§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
let template_ids = parser.v9_template_ids();
println!("Cached V9 templates: {:?}", template_ids);

pub fn ipfix_template_ids(&self) -> Vec<u16>

Lists all cached IPFIX template IDs.

Note: This returns template IDs from both IPFIX and V9-format templates (IPFIX can contain both).

§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
let template_ids = parser.ipfix_template_ids();
println!("Cached IPFIX templates: {:?}", template_ids);

pub fn has_v9_template(&self, template_id: u16) -> bool

Checks if a V9 template with the given ID is cached.

Note: This uses peek() which does not affect LRU ordering.

§Arguments
  • template_id - The template ID to check
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
if parser.has_v9_template(256) {
    println!("Template 256 is cached");
}

pub fn has_ipfix_template(&self, template_id: u16) -> bool

Checks if an IPFIX template with the given ID is cached.

Note: This uses peek() which does not affect LRU ordering.

§Arguments
  • template_id - The template ID to check
§Examples
use netflow_parser::NetflowParser;

let parser = NetflowParser::default();
if parser.has_ipfix_template(256) {
    println!("Template 256 is cached");
}

pub fn clear_v9_templates(&mut self)

Clears all cached V9 templates.

This is useful for testing or when you need to force template re-learning.

§Examples
use netflow_parser::NetflowParser;

let mut parser = NetflowParser::default();
parser.clear_v9_templates();

pub fn clear_ipfix_templates(&mut self)

Clears all cached IPFIX templates.

This is useful for testing or when you need to force template re-learning.

§Examples
use netflow_parser::NetflowParser;

let mut parser = NetflowParser::default();
parser.clear_ipfix_templates();

pub fn parse_bytes(&mut self, packet: &[u8]) -> Vec<NetflowPacket>

Takes a Netflow packet slice and returns a vector of parsed Netflow packets. If a parse error is reached, the items parsed up to that point are returned, so callers should not assume the returned vector covers the entire input.

§Examples
use serde_json::json;
use netflow_parser::NetflowParser;

// Hard-coded 72-byte V5 sample. In a collector these bytes arrive from the
// network and should be treated as untrusted input.
// NOTE(review): bytes 2-3 are the V5 header count field; [2, 0] reads as 512,
// while the output shown for this example reports "count":1 — confirm the
// sample and the documented output still match.
let v5_packet = [0, 5, 2, 0, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7,];
// parse_bytes returns whatever was parsed before any error, so the vector may
// cover only part of the input.
// NOTE(review): presumably a failure appears as a `NetflowPacket::Error` entry
// in the vector — confirm before relying on it to detect truncated parses.
println!("{}", json!(NetflowParser::default().parse_bytes(&v5_packet)).to_string());
§Output:
[{"V5":{"header":{"count":1,"engine_id":7,"engine_type":6,"flow_sequence":33752069,"sampling_interval":2057,"sys_up_time":{"nanos":672000000,"secs":50332},"unix_nsecs":134807553,"unix_secs":83887623,"version":5},"sets":[{"d_octets":66051,"d_pkts":101124105,"dst_addr":"4.5.6.7","dst_as":515,"dst_mask":5,"dst_port":1029,"first":{"nanos":87000000,"secs":67438},"input":515,"last":{"nanos":553000000,"secs":134807},"next_hop":"8.9.0.1","output":1029,"pad1":6,"pad2":1543,"protocol_number":8,"protocol_type":"Egp","src_addr":"0.1.2.3","src_as":1,"src_mask":4,"src_port":515,"tcp_flags":7,"tos":9}]}}]

pub fn iter_packets<'a>( &'a mut self, packet: &'a [u8], ) -> NetflowPacketIterator<'a>

Returns an iterator that yields NetflowPacket items without allocating a Vec. This is useful for processing large batches of packets without collecting all results in memory.

§Examples
use netflow_parser::{NetflowParser, NetflowPacket};

// Hard-coded 72-byte V5 sample. In a collector these bytes arrive from the
// network and should be treated as untrusted input.
let v5_packet = [0, 5, 0, 1, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7,];
// iter_packets takes `&mut self`, so the parser must be declared `mut`.
let mut parser = NetflowParser::default();

for packet in parser.iter_packets(&v5_packet) {
    match packet {
        NetflowPacket::V5(v5) => println!("V5 packet: {:?}", v5.header.version),
        // Parse failures are yielded as an `Error` item in the stream; a
        // collector would normally count or log these instead of dropping them.
        // NOTE(review): the Debug output presumably includes a sample of the
        // input, bounded by `max_error_sample_size` — confirm before logging
        // it verbatim.
        NetflowPacket::Error(e) => println!("Error: {:?}", e),
        // Every other variant is silently ignored in this example.
        _ => (),
    }
}

Trait Implementations§

Source§

impl Debug for NetflowParser

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for NetflowParser

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.