Enum libflow::update::Key [] [src]

pub enum Key {
    Simple(Value),
    FlowTuple {
        ip_proto_raw: u8,
        loc_ip: IpAddr,
        rem_ip: IpAddr,
        loc_port: Option<u16>,
        rem_port: Option<u16>,
    },
    InternalHandle(FlowTags),
}

A key is some bit of data that describes which flow is spoken of.

Variants

The flow can be recognized by a single tag value.

Usually, this is some kind of ID internal to the source of data.

Examples

use libdata::column::Type;
use libflow::update::Key;

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
struct PrivateId(pub String);

impl Type for PrivateId {
    fn name() -> String {
        "my-private-source-id".to_owned()
    }
}

let key = Key::Simple(PrivateId("some-unique-id".to_owned()).into());

The flow can be recognized by the usual tuple ‒ ID addresses, protocol used and a pair of ports.

This is mostly a convenience so we don't have to be able to build multi-value keys out of Values and care about the order, etc.

TODO

What about protocols like ICMP? Don't they have something else in their tuple?

Examples

let tcp_flow = Key::FlowTuple {
    ip_proto_raw: 6,
    loc_ip: "192.0.2.1".parse().unwrap(),
    rem_ip: "192.0.2.2".parse().unwrap(),
    loc_port: Some(7384),
    rem_port: Some(80),
};
let icmpv6_flow = Key::FlowTuple {
    ip_proto_raw: 58,
    loc_ip: "2001:0DB8::1".parse().unwrap(),
    rem_ip: "2001:0DB8::2".parse().unwrap(),
    loc_port: None,
    rem_port: None,
};

Fields of FlowTuple

The protocol (eg. UDP/TCP) as the raw protocol value. This is not an enum because we don't really care what the protocol means and this provides the full flexibility.

The IP address of the local endpoint (eg. on LAN).

The IP address of the remote endpoint.

The port of the local endpoint, if it makes sense for the protocol (in local endian).

The port of the remote endpoint, if it makes sense for the protocol (in local endian).

This one uses the internal address of the flow as the key.

This one can't be used by data sources, since they never know the internal address. However, it can be used by other parts of the processing to generate an update to already existing.

Unlike other keys, if an update references a flow with unknown InternalHandle key, a new key is not set up, but the update is ignored, assuming this is a race condition and the update is for a flow that already ended. While this should not usually happen (as there's a grace time before the flow is actually deleted), this can't be completely ruled out.

An update that has an InternalHandle key must have only that key and no other, otherwise something somewhere might stop working or panic.

Trait Implementations

impl Clone for Key
[src]

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

impl Debug for Key
[src]

Formats the value using the given formatter.

impl Eq for Key
[src]

impl Ord for Key
[src]

This method returns an Ordering between self and other. Read more

🔬 This is a nightly-only experimental API. (ord_max_min)

Compares and returns the maximum of two values. Read more

🔬 This is a nightly-only experimental API. (ord_max_min)

Compares and returns the minimum of two values. Read more

impl PartialEq for Key
[src]

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

impl PartialOrd for Key
[src]

This method returns an ordering between self and other values if one exists. Read more

This method tests less than (for self and other) and is used by the < operator. Read more

This method tests less than or equal to (for self and other) and is used by the <= operator. Read more

This method tests greater than (for self and other) and is used by the > operator. Read more

This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more