├── .dockerignore ├── .github └── workflows │ └── ci.yaml ├── .gitignore ├── API.md ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Dockerfile.sfnb ├── Dockerfile.sysprint ├── LICENSE.md ├── MAINTAINERS.md ├── README.md ├── avro ├── avdl │ ├── entity │ │ ├── container.avdl │ │ ├── file.avdl │ │ ├── header.avdl │ │ ├── pod.avdl │ │ └── process.avdl │ ├── event │ │ ├── fileevent.avdl │ │ ├── k8sevent.avdl │ │ ├── networkevent.avdl │ │ └── processevent.avdl │ ├── flow │ │ ├── fileflow.avdl │ │ ├── networkflow.avdl │ │ └── processflow.avdl │ ├── sysflow.avdl │ └── type │ │ └── datatypes.avdl ├── avpr │ └── sysflow.avpr ├── avsc │ ├── ActionType.avsc │ ├── Container.avsc │ ├── ContainerID.avsc │ ├── ContainerType.avsc │ ├── EventType.avsc │ ├── FOID.avsc │ ├── File.avsc │ ├── FileEvent.avsc │ ├── FileFlow.avsc │ ├── K8sAction.avsc │ ├── K8sComponent.avsc │ ├── K8sEvent.avsc │ ├── NetworkEvent.avsc │ ├── NetworkFlow.avsc │ ├── OID.avsc │ ├── Pod.avsc │ ├── Port.avsc │ ├── Process.avsc │ ├── ProcessEvent.avsc │ ├── ProcessFlow.avsc │ ├── ResourceType.avsc │ ├── SFHeader.avsc │ ├── SFObjectState.avsc │ ├── Service.avsc │ └── SysFlow.avsc ├── generateCClasses.sh └── manifest ├── c++ └── sysflow │ ├── avsc_sysflow2.hh │ ├── avsc_sysflow3.hh │ ├── avsc_sysflow4.hh │ ├── avsc_sysflow5.hh │ ├── enums.hh │ └── sysflow.hh ├── go ├── config │ └── config.go ├── converter │ ├── constants.go │ └── sfconverter.go ├── generateClasses.sh ├── go.mod ├── go.sum ├── hash │ └── hash.go ├── ioutils │ └── ioutils.go ├── logger │ └── logger.go ├── plugins │ ├── driver.go │ ├── handler.go │ ├── pipeline.go │ ├── plugins.go │ ├── processor.go │ └── types.go ├── secrets │ └── secrets.go ├── sfgo │ ├── array_long.go │ ├── array_port.go │ ├── array_service.go │ ├── array_string.go │ ├── cont_union.go │ ├── container.go │ ├── container_container.go │ ├── container_id_union.go │ ├── container_type.go │ ├── fe_union.go │ ├── ff_union.go │ ├── file.go │ ├── file_container.go │ ├── 
file_event.go │ ├── file_event_container.go │ ├── file_flow.go │ ├── file_flow_container.go │ ├── file_union.go │ ├── flat_constants.go │ ├── flat_extended_constants.go │ ├── flat_record.go │ ├── foid.go │ ├── k8s_action.go │ ├── k8s_component.go │ ├── k8s_event.go │ ├── k8s_event_container.go │ ├── map_string.go │ ├── marshal.go │ ├── ne_union.go │ ├── network_event.go │ ├── network_event_container.go │ ├── network_flow.go │ ├── network_flow_container.go │ ├── new_file_oid_union.go │ ├── newfile_union.go │ ├── nf_union.go │ ├── oid.go │ ├── oid_container.go │ ├── op_flags.go │ ├── open_flags.go │ ├── pe_union.go │ ├── pf_union.go │ ├── pod.go │ ├── pod_container.go │ ├── pod_id_union.go │ ├── poid_union.go │ ├── port.go │ ├── port_container.go │ ├── process.go │ ├── process_container.go │ ├── process_event.go │ ├── process_event_container.go │ ├── process_flow.go │ ├── process_flow_container.go │ ├── proto.go │ ├── rec_union.go │ ├── record_type.go │ ├── service.go │ ├── service_container.go │ ├── sf_header.go │ ├── sf_header_container.go │ ├── sf_object_state.go │ ├── sys_flow.go │ ├── sys_flow_container.go │ ├── union_sf_header_container_process_file_process_event_network_flow_file_flow_file_event_network_event_process_flow.go │ └── utils.go └── utils │ ├── intset.go │ └── set.go ├── py3 ├── README.md ├── __init__.py ├── classes │ ├── __init__.py │ └── sysflow │ │ ├── __init__.py │ │ ├── formatter.py │ │ ├── grammar │ │ ├── __init__.py │ │ ├── generate.sh │ │ ├── sfql.g4 │ │ ├── sfql.interp │ │ ├── sfql.tokens │ │ ├── sfqlLexer.interp │ │ ├── sfqlLexer.py │ │ ├── sfqlLexer.tokens │ │ ├── sfqlListener.py │ │ └── sfqlParser.py │ │ ├── graphlet.py │ │ ├── objtypes.py │ │ ├── openflags.py │ │ ├── opflags.py │ │ ├── reader.py │ │ ├── sfql.py │ │ └── utils.py ├── genPython.py ├── setup.cfg ├── setup.py └── utils │ └── sysprint └── pynb ├── data ├── attacks │ └── express │ │ ├── mon.1531776682.sf │ │ ├── mon.1531776712.sf │ │ └── mon.1531776742.sf ├── client-server │ 
├── client.c │ ├── server.c │ └── tcp-client-server.sf ├── files │ ├── files.c │ ├── files.sf │ ├── filesat.c │ ├── filesat.sf │ └── make.sh ├── mpm-event │ ├── Dockerfile │ ├── README.md │ ├── cold_start_capture.sf │ ├── full_capture.log │ ├── full_capture.sf │ ├── htdocs │ │ └── index.html │ ├── httpd.conf │ ├── run │ └── test ├── mpm-preforked │ ├── Dockerfile │ ├── README.md │ ├── cold_start_capture.sf │ ├── full_capture.sf │ ├── htdocs │ │ └── index.html │ ├── httpd.conf │ ├── mpm-preforked.sf │ ├── run │ └── test ├── mpm-worker │ ├── Dockerfile │ ├── README.md │ ├── cold_start_capture.sf │ ├── full_capture.sf │ ├── htdocs │ │ └── index.html │ ├── httpd.conf │ ├── run │ └── test ├── namespaces │ ├── create_ns.sh │ ├── enter_ns.sh │ └── setns.sf ├── nginx │ └── nginx.sf ├── objectstore │ ├── README.md │ ├── client │ ├── data │ │ ├── .minio.sys │ │ │ ├── buckets │ │ │ │ └── play │ │ │ │ │ ├── mon.1544763289 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1544763319 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1544763349 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1544763379 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1548965896 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1548965926 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1548965956 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1548965986 │ │ │ │ │ └── fs.json │ │ │ │ │ ├── mon.1548966016 │ │ │ │ │ └── fs.json │ │ │ │ │ └── tcpclientserver │ │ │ │ │ └── fs.json │ │ │ └── format.json │ │ └── play │ │ │ ├── mon.1544763289 │ │ │ ├── mon.1544763319 │ │ │ ├── mon.1544763349 │ │ │ ├── mon.1544763379 │ │ │ ├── mon.1548965896 │ │ │ ├── mon.1548965926 │ │ │ ├── mon.1548965956 │ │ │ ├── mon.1548965986 │ │ │ ├── mon.1548966016 │ │ │ └── tcpclientserver │ ├── download.sf │ ├── ls.sf │ ├── run │ └── upload.sf └── setuid │ ├── make.sh │ ├── setuid.c │ └── setuid.sf ├── notebooks ├── FloCon2020 │ ├── FloConTalkDemo.ipynb │ ├── FloConTutorialDemo.ipynb │ ├── figures │ │ └── attack.png │ └── sfql │ │ └── defs.yaml ├── K8sDemo │ ├── data │ │ ├── experiment.log 
│ │ ├── experiment.sf │ │ └── experiment_df.pkl.gz │ ├── iframe_figures │ │ └── figure_14.html │ └── k8sDemo.ipynb └── MitreTagTimeline │ ├── MitreTagTimeline.ipynb │ ├── data │ └── mitre-tag-timeline │ │ ├── elastic_elastalert.json │ │ ├── elastic_snort.json │ │ └── elastic_sysflow.json │ ├── figures │ ├── attack_steps.png │ └── env_overview_mitre.png │ └── iframe_figures │ ├── figure_6.html │ └── figure_8.html └── requirements.txt /.dockerignore: -------------------------------------------------------------------------------- 1 | # ignore these files and directories when running docker build 2 | */.git* 3 | */.cache 4 | .travis* 5 | avro 6 | c\+\+ 7 | hooks* 8 | */*.md 9 | !README*.md 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | 34 | # Avro tools 35 | avro/avro-cpp 36 | avro/avro-tools 37 | 38 | # Misc 39 | *.DS_Store 40 | build 41 | dist 42 | *.egg-info 43 | *.antlr 44 | .vscode 45 | *.ipynb_checkpoints/ 46 | pynb/**/.env 47 | pynb/**/.venv 48 | c++/sysflow/avsc_sysflow.hh 49 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience 
for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. 6 | 7 | ## Our Standards 8 | 9 | Examples of behavior that contributes to creating a positive environment include: 10 | 11 | * Using welcoming and inclusive language 12 | * Being respectful of differing viewpoints and experiences 13 | * Gracefully accepting constructive criticism 14 | * Focusing on what is best for the community 15 | * Showing empathy towards other community members 16 | 17 | Examples of unacceptable behavior by participants include: 18 | 19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances 20 | * Trolling, insulting/derogatory comments, and personal or political attacks 21 | * Public or private harassment 22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission 23 | * Other conduct which could reasonably be considered inappropriate in a professional setting 24 | 25 | ## Our Responsibilities 26 | 27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. 28 | 29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 30 | 31 | ## Scope 32 | 33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. 
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. 34 | 35 | ## Enforcement 36 | 37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [Slack channel](https://join.slack.com/t/sysflow-telemetry/shared_invite/enQtODA5OTA3NjE0MTAzLTlkMGJlZDQzYTc3MzhjMzUwNDExNmYyNWY0NWIwODNjYmRhYWEwNGU0ZmFkNGQ2NzVmYjYxMWFjYTM1MzA5YWQ) or via [email](mailto:sysflow@us.ibm.com). The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. 38 | 39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. 40 | 41 | ## Attribution 42 | 43 | This Code of Conduct is adapted from the Qiskit project's [Code of Conduct](https://github.com/Qiskit/qiskit/blob/master/CODE_OF_CONDUCT.md) and has roots from the [Contributor Covenant](https://www.contributor-covenant.org/), version 1.4, available at [version](http://contributor-covenant.org/version/1/4). 44 | -------------------------------------------------------------------------------- /Dockerfile.sfnb: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2021 IBM Corporation. 3 | # 4 | # Authors: 5 | # Frederico Araujo 6 | # Teryl Taylor 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 
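10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | ARG JUPYTER_VERSION=lab-3.4.0 20 | FROM jupyter/scipy-notebook:${JUPYTER_VERSION} 21 | # NOTE(review): the base image is selected by tag (JUPYTER_VERSION), not by digest, so the same build args can resolve to different image contents over time. 22 | # Build args. VERSION and RELEASE feed the labels below. JUPYTER_VERSION is re-declared inside the stage because an ARG placed before FROM is not visible to later instructions; without it the "jupyter.version" label expands to an empty string. 23 | ARG VERSION=dev 24 | ARG RELEASE=dev 25 | ARG JUPYTER_VERSION 26 | # Image metadata labels 27 | LABEL "name"="SysFlow Notebook" 28 | LABEL "vendor"="SysFlow" 29 | LABEL "maintainer"="The SysFlow team" 30 | LABEL "documentation"="https://sysflow.readthedocs.io" 31 | LABEL "version"="${VERSION}" 32 | LABEL "release"="${RELEASE}" 33 | LABEL "jupyter.version"="${JUPYTER_VERSION}" 34 | LABEL "summary"="The SysFlow Notebook is a pre-configured Jupyter Notebook based on scipy-notebook for SysFlow." 35 | LABEL "description"="The SysFlow Notebook is a pre-configured Jupyter Notebook based on scipy-notebook for SysFlow." 36 | LABEL "io.k8s.display-name"="SysFlow Notebook" 37 | LABEL "io.k8s.description"="The SysFlow Notebook is a pre-configured Jupyter Notebook based on scipy-notebook for SysFlow." 38 | 39 | # Install graphviz python bindings and rise (rise from the conda-forge channel). NOTE(review): neither package is version-pinned, so rebuilds may resolve different versions. 40 | RUN conda install -y graphviz && conda install -y -c conda-forge rise 41 | 42 | # Copy the py3 sources and the notebook requirements into /tmp/build, owned by $NB_UID 43 | COPY --chown=$NB_UID:$NB_UID py3 /tmp/build 44 | COPY --chown=$NB_UID:$NB_UID pynb/requirements.txt /tmp/build/requirements.pynb.txt 45 | 46 | # Install the notebook requirements and the sysflow API from /tmp/build, then delete the build directory. NOTE(review): the contents of requirements.pynb.txt are not shown here; confirm that it pins versions. 47 | RUN cd /tmp/build && pip install -r requirements.pynb.txt && pip install . && rm -r /tmp/build 48 | -------------------------------------------------------------------------------- /Dockerfile.sysprint: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2021 IBM Corporation. 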
3 | # 4 | # Authors: 5 | # Frederico Araujo 6 | # Teryl Taylor 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | ARG UBI_VER=8.8-860 20 | FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI_VER} 21 | # NOTE(review): the base image is selected by tag (UBI_VER), not by digest; pin a digest if builds must be reproducible. 22 | # Build args: VERSION and RELEASE only feed the "version" and "release" labels below 23 | ARG VERSION=dev 24 | ARG RELEASE=dev 25 | 26 | # Image metadata labels 27 | LABEL "name"="SysFlow Printer (a.k.a. sysprint)" 28 | LABEL "vendor"="SysFlow" 29 | LABEL "maintainer"="The SysFlow team" 30 | LABEL "documentation"="https://sysflow.readthedocs.io" 31 | LABEL "version"="${VERSION}" 32 | LABEL "release"="${RELEASE}" 33 | LABEL "summary"="The SysFlow Printer is a command-line utility for inspecting SysFlow traces." 34 | LABEL "description"="The SysFlow Printer is a command-line utility for inspecting SysFlow traces." 35 | LABEL "io.k8s.display-name"="SysFlow Printer" 36 | LABEL "io.k8s.description"="The SysFlow Printer is a command-line utility for inspecting SysFlow traces." 37 | 38 | # Install gcc, python39-devel and libffi-devel, clean the package cache, and create the site-packages directory. NOTE(review): this is a single-stage build, so gcc and the -devel packages stay in the final image. 39 | RUN microdnf install -y --disableplugin=subscription-manager \ 40 | gcc \ 41 | python39-devel \ 42 | libffi-devel && \ 43 | microdnf -y clean all && rm -rf /var/cache/dnf && \ 44 | mkdir -p /usr/local/lib/python3.9/site-packages 45 | 46 | # Copy the py3 sources into /tmp/build 47 | COPY py3 /tmp/build 48 | 49 | # Install the sysflow API from /tmp/build with pip, then delete the build directory 50 | RUN cd /tmp/build && python3 -m pip install . 
&& rm -r /tmp/build 51 | 52 | # Set the container timezone to UTC 53 | ENV TZ=UTC 54 | # NOTE(review): there is no USER instruction in this file, so sysprint runs as the base image's default user (presumably root for ubi-minimal, confirm); add a non-root USER if sysprint does not need root to read traces. 55 | ENTRYPOINT ["/usr/local/bin/sysprint"] 56 | -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | # MAINTAINERS 2 | 3 | Frederico Araujo 4 | 5 | Teryl Taylor 6 | -------------------------------------------------------------------------------- /avro/avdl/entity/container.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace ("sysflow.entity") 20 | 21 | protocol SysFlow { 22 | import idl "../type/datatypes.avdl"; 23 | /* Container entity record: id, name, image, image id, container type, privileged flag and optional pod id. */ 24 | record Container { 25 | string id; 26 | string name; 27 | string image; 28 | string imageid; 29 | sysflow.type.ContainerType type; 30 | boolean privileged; /* presumably true when the container runs in privileged mode; confirm against the collector */ 31 | union{null, string} podId; /* nullable: null or a pod id string */ 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /avro/avdl/entity/file.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 
2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.entity") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | import idl "container.avdl"; 23 | record File { 24 | sysflow.type.SFObjectState state; // object state of the file: CREATED, MODIFIED or REUP (sysflow.type.SFObjectState) 25 | sysflow.type.FOID oid; // hash of file id and container id. NOTE(review): sysflow.type.FOID is declared fixed(20), i.e. 20 bytes (160 bits), not the 128 bits this comment used to state. 26 | long ts; 27 | int restype; 28 | string path; 29 | union{null, string} containerId; // nullable: null or a container id string 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /avro/avdl/entity/header.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 
18 | **/ 19 | @namespace("sysflow.entity") 20 | protocol SysFlow { 21 | record SFHeader { /* header record: version (default 5), exporter, ip (default "NA") and filename */ 22 | long version = 5; 23 | string exporter; 24 | string ip = "NA"; 25 | string filename; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /avro/avdl/entity/pod.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2022 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 
18 | **/ 19 | @namespace("sysflow.entity") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | import idl "container.avdl"; 23 | /* Port: one port entry of a Service (port, targetPort, nodePort and protocol name). */ 24 | record Port { 25 | int port; 26 | int targetPort; 27 | int nodePort; 28 | string proto; 29 | } 30 | /* Service: name, id, namespace, port list and cluster IPs (tagged logicalType "ipaddr"). NOTE(review): the element types of the array/map fields in this file (e.g. `array portList`) appear to have been dropped from this listing; check the repository copy. */ 31 | record Service { 32 | string name; 33 | string id; 34 | string namespace; 35 | array portList; 36 | @logicalType("ipaddr") 37 | array clusterIP; 38 | } 39 | /* Pod: timestamp, id, name, node name, host and internal IPs (logicalType "ipaddr"), namespace, restart count, labels, selectors and services. */ 40 | record Pod { 41 | long ts; 42 | string id; 43 | string name; 44 | string nodeName; 45 | @logicalType("ipaddr") 46 | array hostIP; 47 | @logicalType("ipaddr") 48 | array internalIP; 49 | string namespace; 50 | long restartCount; 51 | map labels; 52 | map selectors; 53 | array services; 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /avro/avdl/entity/process.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.entity") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | import idl "container.avdl"; 23 | record Process { 24 | sysflow.type.SFObjectState state; //sysflow process object state.. 
created, modified, reupped 25 | sysflow.type.OID oid; // monotonic process creation time + host PID 26 | union{null, sysflow.type.OID} poid; // nullable; presumably the parent process OID (confirm) 27 | long ts; 28 | string exe; 29 | string exeArgs; // NOTE(review): command lines can carry credentials or tokens; confirm whether the collector redacts them and treat traces as sensitive data 30 | int uid; 31 | string userName; 32 | int gid; 33 | string groupName; 34 | boolean tty; 35 | union{null, string} containerId; // nullable: null or a container id string 36 | boolean entry = false; 37 | string cwd; 38 | array env; // NOTE(review): presumably the process environment variables, which often hold secrets; same handling as exeArgs 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /avro/avdl/event/fileevent.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.event") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record FileEvent { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID (NOTE(review): sysflow.type.OID declares only createTS and hpid, no host ID field) 24 | long ts; 25 | long tid; 26 | int opFlags; 27 | sysflow.type.FOID fileOID; 28 | int ret; 29 | union{null, sysflow.type.FOID} newFileOID; // nullable second file OID 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /avro/avdl/event/k8sevent.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2022 IBM Corporation. 
2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.event") 20 | /* 21 | {"apiVersion":"v1","items":[{"addresses":["192.168.99.102","minikube"],"labels":{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"minikube","kubernetes.io/os":"linux","minikube.k8s.io/commit":"23f40a012abb52eff365ff99a709501a61ac5876","minikube.k8s.io/name":"minikube","minikube.k8s.io/updated_at":"2021_03_20T20_24_20_0700","minikube.k8s.io/version":"v1.15.1","node-role.kubernetes.io/master":""},"name":"minikube","timestamp":"2021-03-20T20:24:16Z","uid":"b8213733-2f08-4f65-8780-ee99ca5e30d3"}],"kind":"Node","type":"MODIFIED"}*/ 22 | 23 | protocol SysFlow { 24 | import idl "../type/datatypes.avdl"; 25 | 26 | record K8sEvent { 27 | sysflow.type.K8sComponent kind; 28 | sysflow.type.K8sAction action; 29 | long ts; 30 | string message; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /avro/avdl/event/networkevent.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 
9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.event") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record NetworkEvent { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID 24 | long ts; 25 | long tid; 26 | int opFlags; 27 | int sip; 28 | int sport; 29 | int dip; 30 | int dport; 31 | int proto; 32 | int ret; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /avro/avdl/event/processevent.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 
18 | **/ 19 | @namespace("sysflow.event") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record ProcessEvent { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID 24 | long ts; 25 | long tid; 26 | int opFlags; 27 | array args; 28 | int ret; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /avro/avdl/flow/fileflow.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.flow") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record FileFlow { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID 24 | long ts; 25 | long tid; 26 | int opFlags; 27 | int openFlags; 28 | long endTs; 29 | sysflow.type.FOID fileOID; 30 | int fd; 31 | long numRRecvOps; 32 | long numWSendOps; 33 | long numRRecvBytes; 34 | long numWSendBytes; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /avro/avdl/flow/networkflow.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 
2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.flow") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record NetworkFlow { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID 24 | long ts; 25 | long tid; 26 | int opFlags; 27 | long endTs; 28 | int sip; 29 | int sport; 30 | int dip; 31 | int dport; 32 | int proto; 33 | int fd; 34 | long numRRecvOps; 35 | long numWSendOps; 36 | long numRRecvBytes; 37 | long numWSendBytes; 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /avro/avdl/flow/processflow.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | @namespace("sysflow.flow") 20 | protocol SysFlow { 21 | import idl "../type/datatypes.avdl"; 22 | record ProcessFlow { 23 | sysflow.type.OID procOID; // host ID + monotonic process creation time + host PID 24 | long ts; 25 | long numThreadsCloned; 26 | int opFlags; 27 | long endTs; 28 | long numThreadsExited; 29 | long numCloneErrors; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /avro/avdl/sysflow.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 
18 | **/ 19 | @namespace("sysflow") 20 | protocol SysFlow { 21 | import idl "flow/processflow.avdl"; 22 | import idl "flow/networkflow.avdl"; 23 | import idl "flow/fileflow.avdl"; 24 | import idl "event/processevent.avdl"; 25 | import idl "event/networkevent.avdl"; 26 | import idl "event/fileevent.avdl"; 27 | import idl "entity/process.avdl"; 28 | import idl "entity/header.avdl"; 29 | import idl "entity/container.avdl"; 30 | import idl "entity/file.avdl"; 31 | import idl "entity/pod.avdl"; 32 | import idl "event/k8sevent.avdl"; 33 | 34 | 35 | record SysFlow { 36 | union {sysflow.entity.SFHeader, sysflow.entity.Container, sysflow.entity.Process, sysflow.entity.File, sysflow.event.ProcessEvent, sysflow.flow.NetworkFlow, sysflow.flow.FileFlow, sysflow.event.FileEvent, sysflow.event.NetworkEvent, sysflow.flow.ProcessFlow, sysflow.entity.Pod, sysflow.event.K8sEvent} rec; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /avro/avdl/type/datatypes.avdl: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2019 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 
18 | **/ 19 | @namespace ("sysflow.type") 20 | 21 | protocol SysFlow { 22 | 23 | record OID { 24 | long createTS; 25 | long hpid; 26 | } 27 | 28 | fixed FOID(20); 29 | 30 | 31 | fixed ContainerID(6); 32 | 33 | enum SFObjectState { 34 | CREATED, 35 | MODIFIED, 36 | REUP 37 | } 38 | 39 | enum ContainerType { 40 | CT_DOCKER, 41 | CT_LXC, 42 | CT_LIBVIRT_LXC, 43 | CT_MESOS, 44 | CT_RKT, 45 | CT_CUSTOM, 46 | CT_CRI, 47 | CT_CONTAINERD, 48 | CT_CRIO, 49 | CT_BPM 50 | } 51 | 52 | enum K8sAction { 53 | K8S_COMPONENT_ADDED, 54 | K8S_COMPONENT_MODIFIED, 55 | K8S_COMPONENT_DELETED, 56 | K8S_COMPONENT_ERROR, 57 | K8S_COMPONENT_NONEXISTENT, 58 | K8S_COMPONENT_UNKNOWN 59 | } 60 | 61 | enum K8sComponent { 62 | K8S_NODES, 63 | K8S_NAMESPACES, 64 | K8S_PODS, 65 | K8S_REPLICATIONCONTROLLERS, 66 | K8S_SERVICES, 67 | K8S_EVENTS, 68 | K8S_REPLICASETS, 69 | K8S_DAEMONSETS, 70 | K8S_DEPLOYMENTS, 71 | K8S_UNKNOWN 72 | } 73 | 74 | 75 | } 76 | -------------------------------------------------------------------------------- /avro/avsc/ActionType.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "ActionType", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "CREATED", "MODIFIED", "REUP" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/Container.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "Container", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "id", 7 | "type" : "string" 8 | }, { 9 | "name" : "name", 10 | "type" : "string" 11 | }, { 12 | "name" : "image", 13 | "type" : "string" 14 | }, { 15 | "name" : "imageid", 16 | "type" : "string" 17 | }, { 18 | "name" : "type", 19 | "type" : { 20 | "type" : "enum", 21 | "name" : "ContainerType", 22 | "namespace" : "sysflow.type", 23 | "symbols" : [ "CT_DOCKER", "CT_LXC", "CT_LIBVIRT_LXC", "CT_MESOS", "CT_RKT", 
"CT_CUSTOM", "CT_CRI", "CT_CONTAINERD", "CT_CRIO", "CT_BPM" ] 24 | } 25 | }, { 26 | "name" : "privileged", 27 | "type" : "boolean" 28 | }, { 29 | "name" : "podId", 30 | "type" : [ "null", "string" ] 31 | } ] 32 | } 33 | -------------------------------------------------------------------------------- /avro/avsc/ContainerID.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "fixed", 3 | "name" : "ContainerID", 4 | "namespace" : "sysflow.type", 5 | "size" : 6 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/ContainerType.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "ContainerType", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "CT_DOCKER", "CT_LXC", "CT_LIBVIRT_LXC", "CT_MESOS", "CT_RKT", "CT_CUSTOM", "CT_CRI", "CT_CONTAINERD", "CT_CRIO", "CT_BPM" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/EventType.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "EventType", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "CLONE", "EXEC", "EXIT" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/FOID.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "fixed", 3 | "name" : "FOID", 4 | "namespace" : "sysflow.type", 5 | "size" : 20 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/File.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "File", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "state", 7 | "type" : { 8 | "type" : "enum", 9 | "name" : "SFObjectState", 10 | "namespace" : "sysflow.type", 
11 | "symbols" : [ "CREATED", "MODIFIED", "REUP" ] 12 | } 13 | }, { 14 | "name" : "oid", 15 | "type" : { 16 | "type" : "fixed", 17 | "name" : "FOID", 18 | "namespace" : "sysflow.type", 19 | "size" : 20 20 | } 21 | }, { 22 | "name" : "ts", 23 | "type" : "long" 24 | }, { 25 | "name" : "restype", 26 | "type" : "int" 27 | }, { 28 | "name" : "path", 29 | "type" : "string" 30 | }, { 31 | "name" : "containerId", 32 | "type" : [ "null", "string" ] 33 | } ] 34 | } 35 | -------------------------------------------------------------------------------- /avro/avsc/FileEvent.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "FileEvent", 4 | "namespace" : "sysflow.event", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 | "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "tid", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "fileOID", 30 | "type" : { 31 | "type" : "fixed", 32 | "name" : "FOID", 33 | "namespace" : "sysflow.type", 34 | "size" : 20 35 | } 36 | }, { 37 | "name" : "ret", 38 | "type" : "int" 39 | }, { 40 | "name" : "newFileOID", 41 | "type" : [ "null", "sysflow.type.FOID" ] 42 | } ] 43 | } 44 | -------------------------------------------------------------------------------- /avro/avsc/FileFlow.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "FileFlow", 4 | "namespace" : "sysflow.flow", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 
| "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "tid", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "openFlags", 30 | "type" : "int" 31 | }, { 32 | "name" : "endTs", 33 | "type" : "long" 34 | }, { 35 | "name" : "fileOID", 36 | "type" : { 37 | "type" : "fixed", 38 | "name" : "FOID", 39 | "namespace" : "sysflow.type", 40 | "size" : 20 41 | } 42 | }, { 43 | "name" : "fd", 44 | "type" : "int" 45 | }, { 46 | "name" : "numRRecvOps", 47 | "type" : "long" 48 | }, { 49 | "name" : "numWSendOps", 50 | "type" : "long" 51 | }, { 52 | "name" : "numRRecvBytes", 53 | "type" : "long" 54 | }, { 55 | "name" : "numWSendBytes", 56 | "type" : "long" 57 | } ] 58 | } 59 | -------------------------------------------------------------------------------- /avro/avsc/K8sAction.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "K8sAction", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "K8S_COMPONENT_ADDED", "K8S_COMPONENT_MODIFIED", "K8S_COMPONENT_DELETED", "K8S_COMPONENT_ERROR", "K8S_COMPONENT_NONEXISTENT", "K8S_COMPONENT_UNKNOWN" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/K8sComponent.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "K8sComponent", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "K8S_NODES", "K8S_NAMESPACES", "K8S_PODS", "K8S_REPLICATIONCONTROLLERS", "K8S_SERVICES", "K8S_EVENTS", "K8S_REPLICASETS", "K8S_DAEMONSETS", "K8S_DEPLOYMENTS", "K8S_UNKNOWN" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/K8sEvent.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "K8sEvent", 4 | "namespace" : "sysflow.event", 5 | 
"fields" : [ { 6 | "name" : "kind", 7 | "type" : { 8 | "type" : "enum", 9 | "name" : "K8sComponent", 10 | "namespace" : "sysflow.type", 11 | "symbols" : [ "K8S_NODES", "K8S_NAMESPACES", "K8S_PODS", "K8S_REPLICATIONCONTROLLERS", "K8S_SERVICES", "K8S_EVENTS", "K8S_REPLICASETS", "K8S_DAEMONSETS", "K8S_DEPLOYMENTS", "K8S_UNKNOWN" ] 12 | } 13 | }, { 14 | "name" : "action", 15 | "type" : { 16 | "type" : "enum", 17 | "name" : "K8sAction", 18 | "namespace" : "sysflow.type", 19 | "symbols" : [ "K8S_COMPONENT_ADDED", "K8S_COMPONENT_MODIFIED", "K8S_COMPONENT_DELETED", "K8S_COMPONENT_ERROR", "K8S_COMPONENT_NONEXISTENT", "K8S_COMPONENT_UNKNOWN" ] 20 | } 21 | }, { 22 | "name" : "ts", 23 | "type" : "long" 24 | }, { 25 | "name" : "message", 26 | "type" : "string" 27 | } ] 28 | } 29 | -------------------------------------------------------------------------------- /avro/avsc/NetworkEvent.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "NetworkEvent", 4 | "namespace" : "sysflow.event", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 | "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "tid", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "sip", 30 | "type" : "int" 31 | }, { 32 | "name" : "sport", 33 | "type" : "int" 34 | }, { 35 | "name" : "dip", 36 | "type" : "int" 37 | }, { 38 | "name" : "dport", 39 | "type" : "int" 40 | }, { 41 | "name" : "proto", 42 | "type" : "int" 43 | }, { 44 | "name" : "ret", 45 | "type" : "int" 46 | } ] 47 | } 48 | -------------------------------------------------------------------------------- /avro/avsc/NetworkFlow.avsc: 
-------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "NetworkFlow", 4 | "namespace" : "sysflow.flow", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 | "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "tid", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "endTs", 30 | "type" : "long" 31 | }, { 32 | "name" : "sip", 33 | "type" : "int" 34 | }, { 35 | "name" : "sport", 36 | "type" : "int" 37 | }, { 38 | "name" : "dip", 39 | "type" : "int" 40 | }, { 41 | "name" : "dport", 42 | "type" : "int" 43 | }, { 44 | "name" : "proto", 45 | "type" : "int" 46 | }, { 47 | "name" : "fd", 48 | "type" : "int" 49 | }, { 50 | "name" : "numRRecvOps", 51 | "type" : "long" 52 | }, { 53 | "name" : "numWSendOps", 54 | "type" : "long" 55 | }, { 56 | "name" : "numRRecvBytes", 57 | "type" : "long" 58 | }, { 59 | "name" : "numWSendBytes", 60 | "type" : "long" 61 | } ] 62 | } 63 | -------------------------------------------------------------------------------- /avro/avsc/OID.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "OID", 4 | "namespace" : "sysflow.type", 5 | "fields" : [ { 6 | "name" : "createTS", 7 | "type" : "long" 8 | }, { 9 | "name" : "hpid", 10 | "type" : "long" 11 | } ] 12 | } 13 | -------------------------------------------------------------------------------- /avro/avsc/Pod.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "Pod", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "ts", 7 | "type" : "long" 8 | }, { 9 | "name" : "id", 10 | "type" 
: "string" 11 | }, { 12 | "name" : "name", 13 | "type" : "string" 14 | }, { 15 | "name" : "nodeName", 16 | "type" : "string" 17 | }, { 18 | "name" : "hostIP", 19 | "type" : { 20 | "type" : "array", 21 | "items" : "long", 22 | "logicalType" : "ipaddr" 23 | } 24 | }, { 25 | "name" : "internalIP", 26 | "type" : { 27 | "type" : "array", 28 | "items" : "long", 29 | "logicalType" : "ipaddr" 30 | } 31 | }, { 32 | "name" : "namespace", 33 | "type" : "string" 34 | }, { 35 | "name" : "restartCount", 36 | "type" : "long" 37 | }, { 38 | "name" : "labels", 39 | "type" : { 40 | "type" : "map", 41 | "values" : "string" 42 | } 43 | }, { 44 | "name" : "selectors", 45 | "type" : { 46 | "type" : "map", 47 | "values" : "string" 48 | } 49 | }, { 50 | "name" : "services", 51 | "type" : { 52 | "type" : "array", 53 | "items" : { 54 | "type" : "record", 55 | "name" : "Service", 56 | "fields" : [ { 57 | "name" : "name", 58 | "type" : "string" 59 | }, { 60 | "name" : "id", 61 | "type" : "string" 62 | }, { 63 | "name" : "namespace", 64 | "type" : "string" 65 | }, { 66 | "name" : "portList", 67 | "type" : { 68 | "type" : "array", 69 | "items" : { 70 | "type" : "record", 71 | "name" : "Port", 72 | "fields" : [ { 73 | "name" : "port", 74 | "type" : "int" 75 | }, { 76 | "name" : "targetPort", 77 | "type" : "int" 78 | }, { 79 | "name" : "nodePort", 80 | "type" : "int" 81 | }, { 82 | "name" : "proto", 83 | "type" : "string" 84 | } ] 85 | } 86 | } 87 | }, { 88 | "name" : "clusterIP", 89 | "type" : { 90 | "type" : "array", 91 | "items" : "long", 92 | "logicalType" : "ipaddr" 93 | } 94 | } ] 95 | } 96 | } 97 | } ] 98 | } 99 | -------------------------------------------------------------------------------- /avro/avsc/Port.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "Port", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "port", 7 | "type" : "int" 8 | }, { 9 | "name" : "targetPort", 10 | "type" : 
"int" 11 | }, { 12 | "name" : "nodePort", 13 | "type" : "int" 14 | }, { 15 | "name" : "proto", 16 | "type" : "string" 17 | } ] 18 | } 19 | -------------------------------------------------------------------------------- /avro/avsc/Process.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "Process", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "state", 7 | "type" : { 8 | "type" : "enum", 9 | "name" : "SFObjectState", 10 | "namespace" : "sysflow.type", 11 | "symbols" : [ "CREATED", "MODIFIED", "REUP" ] 12 | } 13 | }, { 14 | "name" : "oid", 15 | "type" : { 16 | "type" : "record", 17 | "name" : "OID", 18 | "namespace" : "sysflow.type", 19 | "fields" : [ { 20 | "name" : "createTS", 21 | "type" : "long" 22 | }, { 23 | "name" : "hpid", 24 | "type" : "long" 25 | } ] 26 | } 27 | }, { 28 | "name" : "poid", 29 | "type" : [ "null", "sysflow.type.OID" ] 30 | }, { 31 | "name" : "ts", 32 | "type" : "long" 33 | }, { 34 | "name" : "exe", 35 | "type" : "string" 36 | }, { 37 | "name" : "exeArgs", 38 | "type" : "string" 39 | }, { 40 | "name" : "uid", 41 | "type" : "int" 42 | }, { 43 | "name" : "userName", 44 | "type" : "string" 45 | }, { 46 | "name" : "gid", 47 | "type" : "int" 48 | }, { 49 | "name" : "groupName", 50 | "type" : "string" 51 | }, { 52 | "name" : "tty", 53 | "type" : "boolean" 54 | }, { 55 | "name" : "containerId", 56 | "type" : [ "null", "string" ] 57 | }, { 58 | "name" : "entry", 59 | "type" : "boolean", 60 | "default" : false 61 | }, { 62 | "name" : "cwd", 63 | "type" : "string" 64 | }, { 65 | "name" : "env", 66 | "type" : { 67 | "type" : "array", 68 | "items" : "string" 69 | } 70 | } ] 71 | } 72 | -------------------------------------------------------------------------------- /avro/avsc/ProcessEvent.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "ProcessEvent", 4 | "namespace" : 
"sysflow.event", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 | "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "tid", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "args", 30 | "type" : { 31 | "type" : "array", 32 | "items" : "string" 33 | } 34 | }, { 35 | "name" : "ret", 36 | "type" : "int" 37 | } ] 38 | } 39 | -------------------------------------------------------------------------------- /avro/avsc/ProcessFlow.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "ProcessFlow", 4 | "namespace" : "sysflow.flow", 5 | "fields" : [ { 6 | "name" : "procOID", 7 | "type" : { 8 | "type" : "record", 9 | "name" : "OID", 10 | "namespace" : "sysflow.type", 11 | "fields" : [ { 12 | "name" : "createTS", 13 | "type" : "long" 14 | }, { 15 | "name" : "hpid", 16 | "type" : "long" 17 | } ] 18 | } 19 | }, { 20 | "name" : "ts", 21 | "type" : "long" 22 | }, { 23 | "name" : "numThreadsCloned", 24 | "type" : "long" 25 | }, { 26 | "name" : "opFlags", 27 | "type" : "int" 28 | }, { 29 | "name" : "endTs", 30 | "type" : "long" 31 | }, { 32 | "name" : "numThreadsExited", 33 | "type" : "long" 34 | }, { 35 | "name" : "numCloneErrors", 36 | "type" : "long" 37 | } ] 38 | } 39 | -------------------------------------------------------------------------------- /avro/avsc/ResourceType.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "ResourceType", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "SF_FILE", "SF_DIRECTORY", "SF_PIPE", "SF_UNIX" ] 6 | } 7 | -------------------------------------------------------------------------------- 
/avro/avsc/SFHeader.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "SFHeader", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "version", 7 | "type" : "long", 8 | "default" : 5 9 | }, { 10 | "name" : "exporter", 11 | "type" : "string" 12 | }, { 13 | "name" : "ip", 14 | "type" : "string", 15 | "default" : "NA" 16 | }, { 17 | "name" : "filename", 18 | "type" : "string" 19 | } ] 20 | } 21 | -------------------------------------------------------------------------------- /avro/avsc/SFObjectState.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "enum", 3 | "name" : "SFObjectState", 4 | "namespace" : "sysflow.type", 5 | "symbols" : [ "CREATED", "MODIFIED", "REUP" ] 6 | } 7 | -------------------------------------------------------------------------------- /avro/avsc/Service.avsc: -------------------------------------------------------------------------------- 1 | { 2 | "type" : "record", 3 | "name" : "Service", 4 | "namespace" : "sysflow.entity", 5 | "fields" : [ { 6 | "name" : "name", 7 | "type" : "string" 8 | }, { 9 | "name" : "id", 10 | "type" : "string" 11 | }, { 12 | "name" : "namespace", 13 | "type" : "string" 14 | }, { 15 | "name" : "portList", 16 | "type" : { 17 | "type" : "array", 18 | "items" : { 19 | "type" : "record", 20 | "name" : "Port", 21 | "fields" : [ { 22 | "name" : "port", 23 | "type" : "int" 24 | }, { 25 | "name" : "targetPort", 26 | "type" : "int" 27 | }, { 28 | "name" : "nodePort", 29 | "type" : "int" 30 | }, { 31 | "name" : "proto", 32 | "type" : "string" 33 | } ] 34 | } 35 | } 36 | }, { 37 | "name" : "clusterIP", 38 | "type" : { 39 | "type" : "array", 40 | "items" : "long", 41 | "logicalType" : "ipaddr" 42 | } 43 | } ] 44 | } 45 | -------------------------------------------------------------------------------- /avro/generateCClasses.sh: 
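--------------------------------------------------------------------------------
#!/bin/bash
#
# Regenerates the Avro protocol file, the per-type schemata and the C++ stubs
# from avdl/sysflow.avdl.
#
# Usage: ./generateCClasses.sh <schema-version>
#   <schema-version> becomes the suffix of the generated header
#   ../c++/sysflow/avsc_sysflow<schema-version>.hh and of its include guard.
#
# All paths are relative to the current directory, so run the script from the
# directory that holds ./manifest and avdl/.
#
# NOTE(review): the script downloads a jar and a source archive and then
# executes them (the archive is built and installed through sudo). ./manifest
# pins the version in the URLs but no digest or signature, so TLS is the only
# integrity protection. check_sha256 below verifies a digest when the manifest
# defines AVRO_TOOLS_SHA256 / AVRO_GENCPP_SHA256; both variables are optional
# additions that the current manifest does not set.

# Stop on the first failing step instead of generating stubs from a stale or
# partial download.
set -euo pipefail

# Verifies FILE ($1) against an expected SHA-256 digest ($2). An empty digest
# only produces a warning so that an unchanged manifest keeps working.
check_sha256() {
    local file="$1" expected="$2"
    if [ -z "${expected}" ]; then
        echo "warning: no SHA-256 pinned for ${file}; integrity not verified" >&2
        return 0
    fi
    if ! echo "${expected}  ${file}" | sha256sum -c - > /dev/null; then
        echo "error: SHA-256 mismatch for ${file}" >&2
        exit 1
    fi
}

# usage
version="${1:-}"
if [ -z "${version}" ]; then
    echo "Missing argument. Usage: ./generateCClasses.sh <schema-version>" >&2
    exit 1
fi

# The argument ends up in a file name and in a C preprocessor macro name, so
# reject anything that could leave ../c++/sysflow/ or break the include guard.
if [[ ! "${version}" =~ ^[A-Za-z0-9_]+$ ]]; then
    echo "Invalid schema version '${version}': only letters, digits and '_' are allowed" >&2
    exit 1
fi

# pre-requisites (python3 is needed for the header generation at the end)
for tool in java unzip wget python3; do
    if ! command -v "${tool}" &> /dev/null; then
        echo "${tool} could not be found" >&2
        exit 1
    fi
done

# source version metadata
source ./manifest

# install avro-tools
wget -N -P avro-tools/ "${AVRO_TOOLS_URL}"
check_sha256 "avro-tools/avro-tools-${AVRO_VERSION}.jar" "${AVRO_TOOLS_SHA256:-}"

# install avrogencpp
if ! command -v avrogencpp &> /dev/null; then
    sudo apt-get install -y build-essential libboost-all-dev libsnappy-dev
    wget -N -P avro-cpp/ "${AVRO_GENCPP_URL}"
    check_sha256 "avro-cpp/release-${AVRO_VERSION}.zip" "${AVRO_GENCPP_SHA256:-}"
    # Subshell: the working directory is restored even if a step fails.
    (
        cd avro-cpp
        unzip -o "release-${AVRO_VERSION}.zip"
        cd "avro-release-${AVRO_VERSION}/lang/c++"
        sudo ./build.sh install
    )
fi

# generate avsc
java -jar "avro-tools/avro-tools-${AVRO_VERSION}.jar" idl avdl/sysflow.avdl ./avpr/sysflow.avpr
java -jar "avro-tools/avro-tools-${AVRO_VERSION}.jar" idl2schemata ./avdl/sysflow.avdl avsc/

# cpp stub generation
avrogencpp -i ./avsc/SysFlow.avsc -o ../c++/sysflow/sysflow.hh -n sysflow

# Header that embeds the schema as a JSON-escaped C++ string literal.
header="../c++/sysflow/avsc_sysflow${version}.hh"
{
    printf '#ifndef __AVSC_SYSFLOW%s\n' "${version}"
    printf '#define __AVSC_SYSFLOW%s\n' "${version}"
    # The listing shows a bare '#include '; <string> is what std::string below
    # requires, the header name was presumably lost when the page was rendered.
    printf '#include <string>\n'
    printf 'extern const std::string AVSC_SF = '
    python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))' < ./avsc/SysFlow.avsc | tr -d '\n'
    printf ';\n'
    printf '#endif\n'
} > "${header}"
-------------------------------------------------------------------------------- /avro/manifest: -------------------------------------------------------------------------------- 1 | AVRO_VERSION=1.11.0 2 | AVRO_TOOLS_URL=https://repo1.maven.org/maven2/org/apache/avro/avro-tools/${AVRO_VERSION}/avro-tools-${AVRO_VERSION}.jar 3 | AVRO_GENCPP_URL=https://github.com/apache/avro/archive/refs/tags/release-${AVRO_VERSION}.zip 4 | -------------------------------------------------------------------------------- /c++/sysflow/enums.hh: -------------------------------------------------------------------------------- 1 | /** Copyright (C) 2022 IBM Corporation. 2 | * 3 | * Authors: 4 | * Frederico Araujo 5 | * Teryl Taylor 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License.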
9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the License. 18 | **/ 19 | 20 | #define SF_HEADER 0 21 | #define SF_CONT 1 22 | #define SF_PROC 2 23 | #define SF_FILE_OBJ 3 24 | #define SF_PROC_EVT 4 25 | #define SF_NET_FLOW 5 26 | #define SF_FILE_FLOW 6 27 | #define SF_FILE_EVT 7 28 | #define SF_NET_EVT 8 29 | #define SF_PROC_FLOW 9 30 | #define SF_POD 10 31 | #define SF_K8S_EVT 11 -------------------------------------------------------------------------------- /go/config/config.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package config implements configuration settings facilities. 21 | package config 22 | 23 | import ( 24 | "errors" 25 | "os" 26 | "path/filepath" 27 | "strings" 28 | 29 | "github.com/spf13/viper" 30 | ) 31 | 32 | // Config map object that contains configuration attributes. 
33 | type Config map[string]string 34 | 35 | // GetConfig returns a viper.Viper configuration object given a json file path. 36 | func GetConfig(configFile string) (*viper.Viper, error) { 37 | s, err := os.Stat(configFile) 38 | if os.IsNotExist(err) { 39 | return nil, err 40 | } 41 | if s.IsDir() { 42 | return nil, errors.New("Config file is not a file") 43 | } 44 | c := viper.New() 45 | dir := filepath.Dir(configFile) 46 | c.SetConfigName(strings.TrimSuffix(filepath.Base(configFile), filepath.Ext(configFile))) 47 | c.SetConfigType("json") 48 | c.AddConfigPath(dir) 49 | err = c.ReadInConfig() 50 | if err != nil { 51 | return nil, err 52 | } 53 | return c, nil 54 | } 55 | -------------------------------------------------------------------------------- /go/generateClasses.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | gogen-avro --short-unions --containers=true --package=sfgo sfgo ../avro/avsc/SysFlow.avsc 3 | -------------------------------------------------------------------------------- /go/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/sysflow-telemetry/sf-apis/go 2 | 3 | go 1.19 4 | 5 | require ( 6 | github.com/actgardner/gogen-avro/v7 v7.3.1 7 | github.com/cespare/xxhash/v2 v2.1.2 8 | github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6 9 | github.com/spf13/viper v1.10.1 10 | ) 11 | 12 | require ( 13 | github.com/fsnotify/fsnotify v1.5.1 // indirect 14 | github.com/golang/snappy v0.0.2 // indirect 15 | github.com/hashicorp/hcl v1.0.0 // indirect 16 | github.com/kr/text v0.2.0 // indirect 17 | github.com/magiconair/properties v1.8.5 // indirect 18 | github.com/mitchellh/mapstructure v1.4.3 // indirect 19 | github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect 20 | github.com/pelletier/go-toml v1.9.4 // indirect 21 | github.com/spf13/afero v1.6.0 // indirect 22 | github.com/spf13/cast v1.4.1 // indirect 23 | 
github.com/spf13/jwalterweatherman v1.1.0 // indirect 24 | github.com/spf13/pflag v1.0.5 // indirect 25 | github.com/subosito/gotenv v1.2.0 // indirect 26 | golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect 27 | golang.org/x/text v0.3.8 // indirect 28 | gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect 29 | gopkg.in/ini.v1 v1.66.2 // indirect 30 | gopkg.in/yaml.v2 v2.4.0 // indirect 31 | ) 32 | -------------------------------------------------------------------------------- /go/hash/hash.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2021 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package hash implements hashing utilities. 21 | package hash 22 | 23 | import ( 24 | "fmt" 25 | "hash" 26 | 27 | xxhash "github.com/cespare/xxhash/v2" 28 | ) 29 | 30 | // GetHash computes the hash of its input arguments. 31 | func GetHash(objs ...interface{}) uint64 { 32 | h := getHash(objs) 33 | return h.Sum64() 34 | } 35 | 36 | // GetHashStr computes the hash string of its input arguments. 
37 | func GetHashStr(objs ...interface{}) string { 38 | h := getHash(objs) 39 | return fmt.Sprintf("%x", h.Sum(nil)) 40 | } 41 | 42 | func getHash(objs ...interface{}) hash.Hash64 { 43 | h := xxhash.New() 44 | for _, o := range objs { 45 | h.Write([]byte(fmt.Sprintf("%v", o))) 46 | } 47 | return h 48 | } 49 | -------------------------------------------------------------------------------- /go/ioutils/ioutils.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2021 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package ioutils implements IO utilities. 21 | package ioutils 22 | 23 | import ( 24 | "os" 25 | "path/filepath" 26 | ) 27 | 28 | // ListFilePaths lists file paths with extension fileExt in path if 29 | // path is a valid directory, otherwise, it returns path if path is 30 | // a valid path and has extension fileExt. 
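func ListFilePaths(path string, fileExts ...string) ([]string, error) {
	// Contract: for a directory, returns its non-directory entries (not
	// recursive) whose extension equals one of fileExts, or all of them when
	// fileExts is empty. For any other path, returns the path itself if its
	// extension equals one of fileExts, else an empty result. Any error from
	// os.Stat or os.ReadDir is returned to the caller.
	var paths []string

	fi, err := os.Stat(path)
	if err != nil {
		// os.Stat returns a nil FileInfo on every failure, not only when the
		// path does not exist (permission denied, a non-directory component,
		// ...). Testing os.IsNotExist alone let those cases reach fi.IsDir()
		// and panic on the nil value.
		// NOTE(review): ListRecursiveFilePaths and FileExists in this file use
		// the same os.IsNotExist-only check.
		return paths, err
	}

	if !fi.IsDir() {
		for _, fileExt := range fileExts {
			if filepath.Ext(path) == fileExt {
				return append(paths, path), nil
			}
		}
		return paths, nil
	}

	entries, err := os.ReadDir(path)
	if err != nil {
		return paths, err
	}
	for _, entry := range entries {
		// DirEntry.IsDir does not follow symbolic links, so a link inside the
		// directory is listed like a regular file; callers that read from a
		// directory other users can write to should validate the target.
		if entry.IsDir() {
			continue
		}
		matched := len(fileExts) == 0
		for _, fileExt := range fileExts {
			if filepath.Ext(entry.Name()) == fileExt {
				matched = true
				// Stop at the first match so that a repeated extension in
				// fileExts does not list the same file twice.
				break
			}
		}
		if matched {
			// Plain concatenation keeps the caller's path untouched;
			// filepath.Join would lexically clean it.
			paths = append(paths, path+"/"+entry.Name())
		}
	}
	return paths, nil
}

// ListRecursiveFilePaths recursively lists file paths with extension
// fileExt in path if path is a valid directory, otherwise, it returns
// path if path is a valid path and has extension fileExt.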
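//
// Any failure to stat path is returned to the caller, not only "not found".
// When fileExts is empty, every non-directory entry under a directory is
// listed, while a non-directory path yields an empty result. A file is listed
// once even if fileExts names its extension more than once.
//
// filepath.Walk does not follow symbolic links: a link is reported as a
// non-directory entry and is listed like a file. Callers that later open the
// returned paths do follow it, so check the entry type first when the tree
// can be written by a less trusted party.
func ListRecursiveFilePaths(path string, fileExts ...string) ([]string, error) {
	var paths []string
	fi, err := os.Stat(path)
	if err != nil {
		// fi is nil for every Stat error (permission denied, invalid
		// path, ...), so it must not be dereferenced below.
		return paths, err
	}
	if !fi.IsDir() {
		for _, fileExt := range fileExts {
			if filepath.Ext(path) == fileExt {
				return append(paths, path), nil
			}
		}
		return paths, nil
	}
	err = filepath.Walk(path, func(p string, info os.FileInfo, err error) error {
		if err != nil {
			// Abort the walk on the first entry that cannot be read.
			return err
		}
		if info.IsDir() {
			return nil
		}
		matched := len(fileExts) == 0
		for _, fileExt := range fileExts {
			if filepath.Ext(info.Name()) == fileExt {
				matched = true
				break
			}
		}
		if matched {
			paths = append(paths, p)
		}
		return nil
	})
	// On a walk error the paths collected so far are returned with it.
	return paths, err
}

// FileExists checks whether a file exists and whether it is a directory.
//
// The signature has no error result, so every Stat failure (not found,
// permission denied, invalid path) is reported as (false, false). The answer
// is a snapshot: the file can appear or vanish right after the call, so do
// not use it as the only guard before opening or creating a file; handle the
// error of the open call itself.
func FileExists(filename string) (bool, bool) {
	info, err := os.Stat(filename)
	if err != nil {
		// info is nil whenever err is set.
		return false, false
	}
	return true, info.IsDir()
}

--------------------------------------------------------------------------------
/go/plugins/driver.go:
--------------------------------------------------------------------------------
//
// Copyright (C) 2020 IBM Corporation.
//
// Authors:
// Frederico Araujo
// Teryl Taylor
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.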
17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 21 | package plugins 22 | 23 | // SFDriver is an interface representing a telemetry driver. 24 | type SFDriver interface { 25 | Init(pipeline SFPipeline, config map[string]interface{}) error 26 | Run(path string, running *bool) error 27 | GetName() string 28 | Register(pc SFPluginCache) 29 | Cleanup() 30 | } 31 | -------------------------------------------------------------------------------- /go/plugins/handler.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 21 | package plugins 22 | 23 | import ( 24 | "github.com/sysflow-telemetry/sf-apis/go/sfgo" 25 | ) 26 | 27 | // SFHandler defines the SysFlow handler interface. 
28 | type SFHandler interface { 29 | RegisterChannel(pc SFPluginCache) 30 | RegisterHandler(hc SFHandlerCache) 31 | Init(conf map[string]interface{}) error 32 | IsEntityEnabled() bool 33 | HandleHeader(sf *CtxSysFlow, hdr *sfgo.SFHeader) error 34 | HandleContainer(sf *CtxSysFlow, cont *sfgo.Container) error 35 | HandlePod(sf *CtxSysFlow, cont *sfgo.Pod) error 36 | HandleK8sEvt(sf *CtxSysFlow, cont *sfgo.K8sEvent) error 37 | HandleProcess(sf *CtxSysFlow, proc *sfgo.Process) error 38 | HandleFile(sf *CtxSysFlow, file *sfgo.File) error 39 | HandleNetFlow(sf *CtxSysFlow, nf *sfgo.NetworkFlow) error 40 | HandleNetEvt(sf *CtxSysFlow, ne *sfgo.NetworkEvent) error 41 | HandleFileFlow(sf *CtxSysFlow, ff *sfgo.FileFlow) error 42 | HandleFileEvt(sf *CtxSysFlow, fe *sfgo.FileEvent) error 43 | HandleProcFlow(sf *CtxSysFlow, pf *sfgo.ProcessFlow) error 44 | HandleProcEvt(sf *CtxSysFlow, pe *sfgo.ProcessEvent) error 45 | SetOutChan(ch []interface{}) 46 | Cleanup() 47 | } 48 | -------------------------------------------------------------------------------- /go/plugins/pipeline.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 
21 | package plugins 22 | 23 | // SFPipeline is an interface representing a telemetry pipeline. 24 | type SFPipeline interface { 25 | Load(driverName string) error 26 | Init(path string) error 27 | Shutdown() error 28 | GetRootChannel() interface{} 29 | AddChannel(channelName string, channel interface{}) 30 | Wait() 31 | GetNumChannels() int 32 | GetNumProcessors() int 33 | GetNumHandlers() int 34 | GetPluginCache() SFPluginCache 35 | GetChannel(name string) (interface{}, error) 36 | Print() 37 | } 38 | -------------------------------------------------------------------------------- /go/plugins/plugins.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 21 | package plugins 22 | 23 | // Dynamic plugin function names and types for reflection. 24 | const ( 25 | NameFn string = "GetName" 26 | PlugSym string = "Plugin" 27 | DriverSym string = "Driver" 28 | ) 29 | 30 | // SFPluginCache defines an interface for a plugin cache. 
31 | type SFPluginCache interface { 32 | AddDriver(name string, factory interface{}) 33 | AddProcessor(name string, factory interface{}) 34 | AddChannel(name string, factory interface{}) 35 | } 36 | 37 | // SFHandlerCache defines an interface for a plugin cache. 38 | type SFHandlerCache interface { 39 | AddHandler(name string, factory interface{}) 40 | } 41 | 42 | // SFPluginFactory defines an abstract factory for plugins. 43 | type SFPluginFactory interface { 44 | Register(pc SFPluginCache) 45 | } 46 | -------------------------------------------------------------------------------- /go/plugins/processor.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 21 | package plugins 22 | 23 | import ( 24 | "sync" 25 | ) 26 | 27 | // SFProcessor defines the SysFlow processor interface. 28 | type SFProcessor interface { 29 | Register(pc SFPluginCache) 30 | Init(conf map[string]interface{}) error 31 | Process(ch []interface{}, wg *sync.WaitGroup) 32 | GetName() string 33 | SetOutChan(ch []interface{}) 34 | Cleanup() 35 | } 36 | 37 | // SFTestableProcessor defines a testable SysFlow processor interface. 
38 | type SFTestableProcessor interface { 39 | SFProcessor 40 | Test() (bool, error) 41 | } 42 | -------------------------------------------------------------------------------- /go/plugins/types.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package plugins implements plugin interfaces for the SysFlow Processor. 21 | package plugins 22 | 23 | import ( 24 | "github.com/sysflow-telemetry/sf-apis/go/sfgo" 25 | ) 26 | 27 | // CtxSysFlow defines a container for wrapping a SysFlow record with contextual information 28 | type CtxSysFlow struct { 29 | *sfgo.SysFlow 30 | Header *sfgo.SFHeader 31 | Container *sfgo.Container 32 | Pod *sfgo.Pod 33 | K8sEvent *sfgo.K8sEvent 34 | Process *sfgo.Process 35 | File *sfgo.File 36 | NewFile *sfgo.File 37 | PTree []*sfgo.Process 38 | GraphletID uint64 39 | } 40 | 41 | // Channel type 42 | type Channel[R any] struct { 43 | In chan R 44 | } 45 | -------------------------------------------------------------------------------- /go/secrets/secrets.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2020 IBM Corporation. 
//
// Authors:
// Frederico Araujo
// Teryl Taylor
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package secrets implements secret vault accessors.
package secrets

import (
	"encoding/base64"
	"fmt"
	"os"
	"strings"

	"github.com/sysflow-telemetry/sf-apis/go/sfgo"
)

// Secrets gives access to the secrets mounted into a container. Each secret
// is read from a file under secretsDir and then kept in the secrets map, in
// clear text, for as long as the Secrets value lives; a secret that is rotated
// on disk after its first read is therefore not picked up again.
type Secrets struct {
	secretsDir string            // directory that holds one file per secret
	secrets    map[string]string // values already read, keyed by secret name
}

// NewSecrets creates an instance of Secrets for the container secrets mounted
// to /run/secrets.
func NewSecrets() (*Secrets, error) {
	const defaultDir = "/run/secrets"
	return NewSecretsWithCustomPath(defaultDir)
}

// NewSecretsWithCustomPath creates an instance of Secrets for a custom secrets
// mount path. It fails when secretsDir is not a directory; ownership and
// permissions of the directory are not checked.
func NewSecretsWithCustomPath(secretsDir string) (*Secrets, error) {
	err := isDir(secretsDir)
	if err != nil {
		return nil, err
	}
	store := &Secrets{
		secretsDir: secretsDir,
		secrets:    make(map[string]string),
	}
	return store, nil
}

// Get returns the value of the secret stored under key, or the error of the
// underlying read.
func (s *Secrets) Get(key string) (secret string, err error) {
	return s.read(key)
}

// GetDecoded reads and decodes the base64 secret value corresponding to key.
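//
// The stored value must be standard (padded) base64. A read error is returned
// unchanged; a decoding error is returned together with sfgo.Zeros.String.
func (s *Secrets) GetDecoded(key string) (string, error) {
	secret, err := s.read(key)
	if err != nil {
		return secret, err
	}
	decoded, err := base64.StdEncoding.DecodeString(secret)
	if err != nil {
		return sfgo.Zeros.String, err
	}
	return string(decoded), nil
}

// read returns the whitespace-trimmed content of the file named secret under
// s.secretsDir and caches it in s.secrets, so later calls for the same name do
// not touch the file system again.
//
// Names with a ".." path element are rejected, because the name is appended to
// secretsDir unmodified and such an element would resolve to a file outside
// the secrets directory. Symbolic links inside the directory are still
// followed by os.ReadFile.
// NOTE(review): the callers are not visible here; if a key can come from
// configuration or from remote input, consider restricting names further.
func (s *Secrets) read(secret string) (string, error) {
	for _, elem := range strings.Split(secret, "/") {
		if elem == ".." {
			return sfgo.Zeros.String, fmt.Errorf("secret %s is not a valid secret name", secret)
		}
	}
	if v, ok := s.secrets[secret]; ok {
		return v, nil
	}
	buf, err := os.ReadFile(s.secretsDir + "/" + secret)
	if err != nil {
		return sfgo.Zeros.String, fmt.Errorf("secret %s does not exist or cannot be read: %v", secret, err)
	}
	v := strings.TrimSpace(string(buf))
	s.secrets[secret] = v
	return v, nil
}

// isDir checks if the given path is a directory. It returns nil for a
// directory and an error when the path is missing, cannot be accessed, or is
// not a directory.
func isDir(path string) error {
	fi, err := os.Stat(path)
	if os.IsNotExist(err) {
		return fmt.Errorf("path %s not found", path)
	}
	if err != nil {
		// fi is nil for every Stat error (e.g. permission denied), so it
		// must not be dereferenced.
		return fmt.Errorf("path %s cannot be accessed: %v", path, err)
	}
	if !fi.Mode().IsDir() {
		return fmt.Errorf("path %s is not a directory", path)
	}
	return nil
}

--------------------------------------------------------------------------------
/go/sfgo/array_long.go:
--------------------------------------------------------------------------------
// Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.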
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/vm" 12 | "github.com/actgardner/gogen-avro/v7/vm/types" 13 | ) 14 | 15 | func writeArrayLong(r []int64, w io.Writer) error { 16 | err := vm.WriteLong(int64(len(r)), w) 17 | if err != nil || len(r) == 0 { 18 | return err 19 | } 20 | for _, e := range r { 21 | err = vm.WriteLong(e, w) 22 | if err != nil { 23 | return err 24 | } 25 | } 26 | return vm.WriteLong(0, w) 27 | } 28 | 29 | type ArrayLongWrapper struct { 30 | Target *[]int64 31 | } 32 | 33 | func (_ *ArrayLongWrapper) SetBoolean(v bool) { panic("Unsupported operation") } 34 | func (_ *ArrayLongWrapper) SetInt(v int32) { panic("Unsupported operation") } 35 | func (_ *ArrayLongWrapper) SetLong(v int64) { panic("Unsupported operation") } 36 | func (_ *ArrayLongWrapper) SetFloat(v float32) { panic("Unsupported operation") } 37 | func (_ *ArrayLongWrapper) SetDouble(v float64) { panic("Unsupported operation") } 38 | func (_ *ArrayLongWrapper) SetBytes(v []byte) { panic("Unsupported operation") } 39 | func (_ *ArrayLongWrapper) SetString(v string) { panic("Unsupported operation") } 40 | func (_ *ArrayLongWrapper) SetUnionElem(v int64) { panic("Unsupported operation") } 41 | func (_ *ArrayLongWrapper) Get(i int) types.Field { panic("Unsupported operation") } 42 | func (_ *ArrayLongWrapper) AppendMap(key string) types.Field { panic("Unsupported operation") } 43 | func (_ *ArrayLongWrapper) Finalize() {} 44 | func (_ *ArrayLongWrapper) SetDefault(i int) { panic("Unsupported operation") } 45 | func (r *ArrayLongWrapper) NullField(i int) { 46 | panic("Unsupported operation") 47 | } 48 | 49 | func (r *ArrayLongWrapper) AppendArray() types.Field { 50 | var v int64 51 | 52 | *r.Target = append(*r.Target, v) 53 | return &types.Long{Target: &(*r.Target)[len(*r.Target)-1]} 54 | } 55 | -------------------------------------------------------------------------------- /go/sfgo/array_port.go: 
-------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/vm" 12 | "github.com/actgardner/gogen-avro/v7/vm/types" 13 | ) 14 | 15 | func writeArrayPort(r []*Port, w io.Writer) error { 16 | err := vm.WriteLong(int64(len(r)), w) 17 | if err != nil || len(r) == 0 { 18 | return err 19 | } 20 | for _, e := range r { 21 | err = writePort(e, w) 22 | if err != nil { 23 | return err 24 | } 25 | } 26 | return vm.WriteLong(0, w) 27 | } 28 | 29 | type ArrayPortWrapper struct { 30 | Target *[]*Port 31 | } 32 | 33 | func (_ *ArrayPortWrapper) SetBoolean(v bool) { panic("Unsupported operation") } 34 | func (_ *ArrayPortWrapper) SetInt(v int32) { panic("Unsupported operation") } 35 | func (_ *ArrayPortWrapper) SetLong(v int64) { panic("Unsupported operation") } 36 | func (_ *ArrayPortWrapper) SetFloat(v float32) { panic("Unsupported operation") } 37 | func (_ *ArrayPortWrapper) SetDouble(v float64) { panic("Unsupported operation") } 38 | func (_ *ArrayPortWrapper) SetBytes(v []byte) { panic("Unsupported operation") } 39 | func (_ *ArrayPortWrapper) SetString(v string) { panic("Unsupported operation") } 40 | func (_ *ArrayPortWrapper) SetUnionElem(v int64) { panic("Unsupported operation") } 41 | func (_ *ArrayPortWrapper) Get(i int) types.Field { panic("Unsupported operation") } 42 | func (_ *ArrayPortWrapper) AppendMap(key string) types.Field { panic("Unsupported operation") } 43 | func (_ *ArrayPortWrapper) Finalize() {} 44 | func (_ *ArrayPortWrapper) SetDefault(i int) { panic("Unsupported operation") } 45 | func (r *ArrayPortWrapper) NullField(i int) { 46 | panic("Unsupported operation") 47 | } 48 | 49 | func (r *ArrayPortWrapper) AppendArray() types.Field { 50 | var v *Port 51 | v = NewPort() 52 | 53 | *r.Target = append(*r.Target, v) 54 | 55 | 
return (*r.Target)[len(*r.Target)-1] 56 | } 57 | -------------------------------------------------------------------------------- /go/sfgo/array_service.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/vm" 12 | "github.com/actgardner/gogen-avro/v7/vm/types" 13 | ) 14 | 15 | func writeArrayService(r []*Service, w io.Writer) error { 16 | err := vm.WriteLong(int64(len(r)), w) 17 | if err != nil || len(r) == 0 { 18 | return err 19 | } 20 | for _, e := range r { 21 | err = writeService(e, w) 22 | if err != nil { 23 | return err 24 | } 25 | } 26 | return vm.WriteLong(0, w) 27 | } 28 | 29 | type ArrayServiceWrapper struct { 30 | Target *[]*Service 31 | } 32 | 33 | func (_ *ArrayServiceWrapper) SetBoolean(v bool) { panic("Unsupported operation") } 34 | func (_ *ArrayServiceWrapper) SetInt(v int32) { panic("Unsupported operation") } 35 | func (_ *ArrayServiceWrapper) SetLong(v int64) { panic("Unsupported operation") } 36 | func (_ *ArrayServiceWrapper) SetFloat(v float32) { panic("Unsupported operation") } 37 | func (_ *ArrayServiceWrapper) SetDouble(v float64) { panic("Unsupported operation") } 38 | func (_ *ArrayServiceWrapper) SetBytes(v []byte) { panic("Unsupported operation") } 39 | func (_ *ArrayServiceWrapper) SetString(v string) { panic("Unsupported operation") } 40 | func (_ *ArrayServiceWrapper) SetUnionElem(v int64) { panic("Unsupported operation") } 41 | func (_ *ArrayServiceWrapper) Get(i int) types.Field { panic("Unsupported operation") } 42 | func (_ *ArrayServiceWrapper) AppendMap(key string) types.Field { panic("Unsupported operation") } 43 | func (_ *ArrayServiceWrapper) Finalize() {} 44 | func (_ *ArrayServiceWrapper) SetDefault(i int) { panic("Unsupported operation") } 45 | func (r *ArrayServiceWrapper) 
NullField(i int) { 46 | panic("Unsupported operation") 47 | } 48 | 49 | func (r *ArrayServiceWrapper) AppendArray() types.Field { 50 | var v *Service 51 | v = NewService() 52 | 53 | *r.Target = append(*r.Target, v) 54 | 55 | return (*r.Target)[len(*r.Target)-1] 56 | } 57 | -------------------------------------------------------------------------------- /go/sfgo/array_string.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/vm" 12 | "github.com/actgardner/gogen-avro/v7/vm/types" 13 | ) 14 | 15 | func writeArrayString(r []string, w io.Writer) error { 16 | err := vm.WriteLong(int64(len(r)), w) 17 | if err != nil || len(r) == 0 { 18 | return err 19 | } 20 | for _, e := range r { 21 | err = vm.WriteString(e, w) 22 | if err != nil { 23 | return err 24 | } 25 | } 26 | return vm.WriteLong(0, w) 27 | } 28 | 29 | type ArrayStringWrapper struct { 30 | Target *[]string 31 | } 32 | 33 | func (_ *ArrayStringWrapper) SetBoolean(v bool) { panic("Unsupported operation") } 34 | func (_ *ArrayStringWrapper) SetInt(v int32) { panic("Unsupported operation") } 35 | func (_ *ArrayStringWrapper) SetLong(v int64) { panic("Unsupported operation") } 36 | func (_ *ArrayStringWrapper) SetFloat(v float32) { panic("Unsupported operation") } 37 | func (_ *ArrayStringWrapper) SetDouble(v float64) { panic("Unsupported operation") } 38 | func (_ *ArrayStringWrapper) SetBytes(v []byte) { panic("Unsupported operation") } 39 | func (_ *ArrayStringWrapper) SetString(v string) { panic("Unsupported operation") } 40 | func (_ *ArrayStringWrapper) SetUnionElem(v int64) { panic("Unsupported operation") } 41 | func (_ *ArrayStringWrapper) Get(i int) types.Field { panic("Unsupported operation") } 42 | func (_ *ArrayStringWrapper) AppendMap(key string) types.Field { 
panic("Unsupported operation") } 43 | func (_ *ArrayStringWrapper) Finalize() {} 44 | func (_ *ArrayStringWrapper) SetDefault(i int) { panic("Unsupported operation") } 45 | func (r *ArrayStringWrapper) NullField(i int) { 46 | panic("Unsupported operation") 47 | } 48 | 49 | func (r *ArrayStringWrapper) AppendArray() types.Field { 50 | var v string 51 | 52 | *r.Target = append(*r.Target, v) 53 | return &types.String{Target: &(*r.Target)[len(*r.Target)-1]} 54 | } 55 | -------------------------------------------------------------------------------- /go/sfgo/cont_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 2 | /* 3 | * SOURCES: 4 | * GraphletRecord.avsc 5 | * SysFlow.avsc 6 | */ 7 | package sfgo 8 | 9 | import ( 10 | "encoding/json" 11 | "fmt" 12 | "io" 13 | 14 | "github.com/actgardner/gogen-avro/v7/vm" 15 | "github.com/actgardner/gogen-avro/v7/vm/types" 16 | ) 17 | 18 | type ContUnionTypeEnum int 19 | 20 | const ( 21 | ContUnionTypeEnumContainer ContUnionTypeEnum = 1 22 | ) 23 | 24 | type ContUnion struct { 25 | Null *types.NullVal 26 | Container *Container 27 | UnionType ContUnionTypeEnum 28 | } 29 | 30 | func writeContUnion(r *ContUnion, w io.Writer) error { 31 | 32 | if r == nil { 33 | err := vm.WriteLong(0, w) 34 | return err 35 | } 36 | 37 | err := vm.WriteLong(int64(r.UnionType), w) 38 | if err != nil { 39 | return err 40 | } 41 | switch r.UnionType { 42 | case ContUnionTypeEnumContainer: 43 | return writeContainer(r.Container, w) 44 | } 45 | return fmt.Errorf("invalid value for *ContUnion") 46 | } 47 | 48 | func NewContUnion() *ContUnion { 49 | return &ContUnion{} 50 | } 51 | 52 | func (_ *ContUnion) SetBoolean(v bool) { panic("Unsupported operation") } 53 | func (_ *ContUnion) SetInt(v int32) { panic("Unsupported operation") } 54 | func (_ *ContUnion) SetFloat(v float32) { panic("Unsupported operation") } 55 | func (_ *ContUnion) SetDouble(v 
float64) { panic("Unsupported operation") } 56 | func (_ *ContUnion) SetBytes(v []byte) { panic("Unsupported operation") } 57 | func (_ *ContUnion) SetString(v string) { panic("Unsupported operation") } 58 | func (r *ContUnion) SetLong(v int64) { 59 | r.UnionType = (ContUnionTypeEnum)(v) 60 | } 61 | func (r *ContUnion) Get(i int) types.Field { 62 | switch i { 63 | case 0: 64 | return r.Null 65 | case 1: 66 | r.Container = NewContainer() 67 | return r.Container 68 | } 69 | panic("Unknown field index") 70 | } 71 | func (_ *ContUnion) NullField(i int) { panic("Unsupported operation") } 72 | func (_ *ContUnion) SetDefault(i int) { panic("Unsupported operation") } 73 | func (_ *ContUnion) AppendMap(key string) types.Field { panic("Unsupported operation") } 74 | func (_ *ContUnion) AppendArray() types.Field { panic("Unsupported operation") } 75 | func (_ *ContUnion) Finalize() {} 76 | 77 | func (r *ContUnion) MarshalJSON() ([]byte, error) { 78 | if r == nil { 79 | return []byte("null"), nil 80 | } 81 | switch r.UnionType { 82 | case ContUnionTypeEnumContainer: 83 | return json.Marshal(map[string]interface{}{"Container": r.Container}) 84 | } 85 | return nil, fmt.Errorf("invalid value for *ContUnion") 86 | } 87 | 88 | func (r *ContUnion) UnmarshalJSON(data []byte) error { 89 | var fields map[string]json.RawMessage 90 | if err := json.Unmarshal(data, &fields); err != nil { 91 | return err 92 | } 93 | if value, ok := fields["Container"]; ok { 94 | r.UnionType = 1 95 | return json.Unmarshal([]byte(value), &r.Container) 96 | } 97 | return fmt.Errorf("invalid value for *ContUnion") 98 | } 99 | -------------------------------------------------------------------------------- /go/sfgo/container_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewContainerWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewContainer() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type ContainerReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewContainerReader(r io.Reader) (*ContainerReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewContainer() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &ContainerReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r ContainerReader) Read() (*Container, error) { 46 | t := NewContainer() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/container_id_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "encoding/json" 10 | "fmt" 11 | "io" 12 | 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | "github.com/actgardner/gogen-avro/v7/vm/types" 15 | ) 16 | 17 | type ContainerIdUnionTypeEnum int 18 | 19 | const ( 20 | ContainerIdUnionTypeEnumString ContainerIdUnionTypeEnum = 1 21 | ) 22 | 23 | type ContainerIdUnion struct { 24 | Null *types.NullVal 25 | String string 26 | UnionType ContainerIdUnionTypeEnum 27 | } 28 | 29 | func writeContainerIdUnion(r *ContainerIdUnion, w io.Writer) error { 30 | 31 | if r == nil { 32 | err := vm.WriteLong(0, w) 33 | return err 34 | } 35 | 36 | err := vm.WriteLong(int64(r.UnionType), w) 37 | if err != nil { 38 | return err 39 | } 40 | switch r.UnionType { 41 | case ContainerIdUnionTypeEnumString: 42 | return vm.WriteString(r.String, w) 43 | } 44 | return fmt.Errorf("invalid value for *ContainerIdUnion") 45 | } 46 | 47 | func NewContainerIdUnion() *ContainerIdUnion { 48 | return &ContainerIdUnion{} 49 | } 50 | 51 | func (_ *ContainerIdUnion) SetBoolean(v bool) { panic("Unsupported operation") } 52 | func (_ *ContainerIdUnion) SetInt(v int32) { panic("Unsupported operation") } 53 | func (_ *ContainerIdUnion) SetFloat(v float32) { panic("Unsupported operation") } 54 | func (_ *ContainerIdUnion) SetDouble(v float64) { panic("Unsupported operation") } 55 | func (_ *ContainerIdUnion) SetBytes(v []byte) { panic("Unsupported operation") } 56 | func (_ *ContainerIdUnion) SetString(v string) { panic("Unsupported operation") } 57 | func (r *ContainerIdUnion) SetLong(v int64) { 58 | r.UnionType = (ContainerIdUnionTypeEnum)(v) 59 | } 60 | func (r *ContainerIdUnion) Get(i int) types.Field { 61 | switch i { 62 | case 0: 63 | return r.Null 64 | case 1: 65 | return &types.String{Target: (&r.String)} 66 | } 67 | panic("Unknown field index") 68 | } 69 | func (_ *ContainerIdUnion) NullField(i int) { panic("Unsupported operation") } 70 | func (_ *ContainerIdUnion) 
SetDefault(i int) { panic("Unsupported operation") } 71 | func (_ *ContainerIdUnion) AppendMap(key string) types.Field { panic("Unsupported operation") } 72 | func (_ *ContainerIdUnion) AppendArray() types.Field { panic("Unsupported operation") } 73 | func (_ *ContainerIdUnion) Finalize() {} 74 | 75 | func (r *ContainerIdUnion) MarshalJSON() ([]byte, error) { 76 | if r == nil { 77 | return []byte("null"), nil 78 | } 79 | switch r.UnionType { 80 | case ContainerIdUnionTypeEnumString: 81 | return json.Marshal(map[string]interface{}{"string": r.String}) 82 | } 83 | return nil, fmt.Errorf("invalid value for *ContainerIdUnion") 84 | } 85 | 86 | func (r *ContainerIdUnion) UnmarshalJSON(data []byte) error { 87 | var fields map[string]json.RawMessage 88 | if err := json.Unmarshal(data, &fields); err != nil { 89 | return err 90 | } 91 | if value, ok := fields["string"]; ok { 92 | r.UnionType = 1 93 | return json.Unmarshal([]byte(value), &r.String) 94 | } 95 | return fmt.Errorf("invalid value for *ContainerIdUnion") 96 | } 97 | -------------------------------------------------------------------------------- /go/sfgo/fe_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
/*
 * SOURCES:
 *     GraphletRecord.avsc
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// FeUnionTypeEnum is the branch index stored in FeUnion.UnionType.
type FeUnionTypeEnum int

// FeUnionTypeEnumFileEvent (index 1) selects the FileEvent branch.
// writeFeUnion emits index 0 for a nil union.
const FeUnionTypeEnumFileEvent FeUnionTypeEnum = 1

// FeUnion holds either nothing or a FileEvent, selected by UnionType.
type FeUnion struct {
	Null      *types.NullVal
	FileEvent *FileEvent
	UnionType FeUnionTypeEnum
}

// writeFeUnion writes the branch index followed by the selected branch.
// A nil union is written as index 0. The index is written before it is
// validated, so an unknown UnionType leaves that index on w and returns an error.
func writeFeUnion(r *FeUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == FeUnionTypeEnumFileEvent {
		return writeFileEvent(r.FileEvent, w)
	}
	return fmt.Errorf("invalid value for *FeUnion")
}

// NewFeUnion returns an empty union with no branch selected.
func NewFeUnion() *FeUnion {
	return new(FeUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*FeUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*FeUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*FeUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*FeUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*FeUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*FeUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than FeUnionTypeEnumFileEvent is rejected only later, by writeFeUnion
// or MarshalJSON.
func (u *FeUnion) SetLong(v int64) {
	u.UnionType = FeUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 allocates a fresh FileEvent,
// replacing any previous one. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *FeUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		u.FileEvent = NewFileEvent()
		return u.FileEvent
	}
	panic("Unknown field index")
}

func (*FeUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*FeUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*FeUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*FeUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*FeUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the FileEvent branch as
// {"FileEvent": ...}. Any other UnionType is an error.
func (u *FeUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != FeUnionTypeEnumFileEvent {
		return nil, fmt.Errorf("invalid value for *FeUnion")
	}
	return json.Marshal(map[string]interface{}{"FileEvent": u.FileEvent})
}

// UnmarshalJSON expects a JSON object with a "FileEvent" key. Other keys in
// the object are ignored, and input without that key is rejected.
func (u *FeUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["FileEvent"]
	if !ok {
		return fmt.Errorf("invalid value for *FeUnion")
	}
	u.UnionType = FeUnionTypeEnumFileEvent
	return json.Unmarshal([]byte(value), &u.FileEvent)
}
--------------------------------------------------------------------------------
/go/sfgo/ff_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCES:
 *     GraphletRecord.avsc
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// FfUnionTypeEnum is the branch index stored in FfUnion.UnionType.
type FfUnionTypeEnum int

// FfUnionTypeEnumFileFlow (index 1) selects the FileFlow branch.
// writeFfUnion emits index 0 for a nil union.
const FfUnionTypeEnumFileFlow FfUnionTypeEnum = 1

// FfUnion holds either nothing or a FileFlow, selected by UnionType.
type FfUnion struct {
	Null      *types.NullVal
	FileFlow  *FileFlow
	UnionType FfUnionTypeEnum
}

// writeFfUnion writes the branch index followed by the selected branch.
// A nil union is written as index 0. The index is written before it is
// validated, so an unknown UnionType leaves that index on w and returns an error.
func writeFfUnion(r *FfUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == FfUnionTypeEnumFileFlow {
		return writeFileFlow(r.FileFlow, w)
	}
	return fmt.Errorf("invalid value for *FfUnion")
}

// NewFfUnion returns an empty union with no branch selected.
func NewFfUnion() *FfUnion {
	return new(FfUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*FfUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*FfUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*FfUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*FfUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*FfUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*FfUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than FfUnionTypeEnumFileFlow is rejected only later, by writeFfUnion
// or MarshalJSON.
func (u *FfUnion) SetLong(v int64) {
	u.UnionType = FfUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 allocates a fresh FileFlow,
// replacing any previous one. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *FfUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		u.FileFlow = NewFileFlow()
		return u.FileFlow
	}
	panic("Unknown field index")
}

func (*FfUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*FfUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*FfUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*FfUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*FfUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the FileFlow branch as
// {"FileFlow": ...}. Any other UnionType is an error.
func (u *FfUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != FfUnionTypeEnumFileFlow {
		return nil, fmt.Errorf("invalid value for *FfUnion")
	}
	return json.Marshal(map[string]interface{}{"FileFlow": u.FileFlow})
}

// UnmarshalJSON expects a JSON object with a "FileFlow" key. Other keys in
// the object are ignored, and input without that key is rejected.
func (u *FfUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["FileFlow"]
	if !ok {
		return fmt.Errorf("invalid value for *FfUnion")
	}
	u.UnionType = FfUnionTypeEnumFileFlow
	return json.Unmarshal([]byte(value), &u.FileFlow)
}
--------------------------------------------------------------------------------
/go/sfgo/file_container.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewFileWriter returns a container writer on writer that uses the File
// schema, with the given codec and block size.
func NewFileWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	return container.NewWriter(writer, codec, recordsPerBlock, NewFile().Schema())
}

// FileReader reads File records from an Avro container.
type FileReader struct {
	r io.Reader
	p *vm.Program
}

// NewFileReader opens the container on r and compiles a decoding program
// from the schema carried in the container and this package's File schema.
// The container schema comes from the input, so the decoding program is
// partly shaped by whoever produced the stream. No size or time limit is
// applied in this file.
func NewFileReader(r io.Reader) (*FileReader, error) {
	src, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	record := NewFile()
	embedded := []byte(src.AvroContainerSchema())
	expected := []byte(record.Schema())
	prog, err := compiler.CompileSchemaBytes(embedded, expected)
	if err != nil {
		return nil, err
	}

	return &FileReader{r: src, p: prog}, nil
}

// Read decodes the next File. The record is returned even when err is
// non-nil and may then be only partly filled, so check err before using it.
func (r FileReader) Read() (*File, error) {
	rec := NewFile()
	return rec, vm.Eval(r.r, r.p, rec)
}
--------------------------------------------------------------------------------
/go/sfgo/file_event_container.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewFileEventWriter returns a container writer on writer that uses the
// FileEvent schema, with the given codec and block size.
func NewFileEventWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	return container.NewWriter(writer, codec, recordsPerBlock, NewFileEvent().Schema())
}

// FileEventReader reads FileEvent records from an Avro container.
type FileEventReader struct {
	r io.Reader
	p *vm.Program
}

// NewFileEventReader opens the container on r and compiles a decoding
// program from the schema carried in the container and this package's
// FileEvent schema. The container schema comes from the input, so the
// decoding program is partly shaped by whoever produced the stream. No size
// or time limit is applied in this file.
func NewFileEventReader(r io.Reader) (*FileEventReader, error) {
	src, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	record := NewFileEvent()
	embedded := []byte(src.AvroContainerSchema())
	expected := []byte(record.Schema())
	prog, err := compiler.CompileSchemaBytes(embedded, expected)
	if err != nil {
		return nil, err
	}

	return &FileEventReader{r: src, p: prog}, nil
}

// Read decodes the next FileEvent. The record is returned even when err is
// non-nil and may then be only partly filled, so check err before using it.
func (r FileEventReader) Read() (*FileEvent, error) {
	rec := NewFileEvent()
	return rec, vm.Eval(r.r, r.p, rec)
}
--------------------------------------------------------------------------------
/go/sfgo/file_flow_container.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewFileFlowWriter returns a container writer on writer that uses the
// FileFlow schema, with the given codec and block size.
func NewFileFlowWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	return container.NewWriter(writer, codec, recordsPerBlock, NewFileFlow().Schema())
}

// FileFlowReader reads FileFlow records from an Avro container.
type FileFlowReader struct {
	r io.Reader
	p *vm.Program
}

// NewFileFlowReader opens the container on r and compiles a decoding program
// from the schema carried in the container and this package's FileFlow
// schema. The container schema comes from the input, so the decoding program
// is partly shaped by whoever produced the stream. No size or time limit is
// applied in this file.
func NewFileFlowReader(r io.Reader) (*FileFlowReader, error) {
	src, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	record := NewFileFlow()
	embedded := []byte(src.AvroContainerSchema())
	expected := []byte(record.Schema())
	prog, err := compiler.CompileSchemaBytes(embedded, expected)
	if err != nil {
		return nil, err
	}

	return &FileFlowReader{r: src, p: prog}, nil
}

// Read decodes the next FileFlow. The record is returned even when err is
// non-nil and may then be only partly filled, so check err before using it.
func (r FileFlowReader) Read() (*FileFlow, error) {
	rec := NewFileFlow()
	return rec, vm.Eval(r.r, r.p, rec)
}
--------------------------------------------------------------------------------
/go/sfgo/file_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCES:
 *     GraphletRecord.avsc
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// FileUnionTypeEnum is the branch index stored in FileUnion.UnionType.
type FileUnionTypeEnum int

// FileUnionTypeEnumFile (index 1) selects the File branch.
// writeFileUnion emits index 0 for a nil union.
const FileUnionTypeEnumFile FileUnionTypeEnum = 1

// FileUnion holds either nothing or a File, selected by UnionType.
type FileUnion struct {
	Null      *types.NullVal
	File      *File
	UnionType FileUnionTypeEnum
}

// writeFileUnion writes the branch index followed by the selected branch.
// A nil union is written as index 0. The index is written before it is
// validated, so an unknown UnionType leaves that index on w and returns an error.
func writeFileUnion(r *FileUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == FileUnionTypeEnumFile {
		return writeFile(r.File, w)
	}
	return fmt.Errorf("invalid value for *FileUnion")
}

// NewFileUnion returns an empty union with no branch selected.
func NewFileUnion() *FileUnion {
	return new(FileUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*FileUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*FileUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*FileUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*FileUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*FileUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*FileUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than FileUnionTypeEnumFile is rejected only later, by writeFileUnion
// or MarshalJSON.
func (u *FileUnion) SetLong(v int64) {
	u.UnionType = FileUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 allocates a fresh File,
// replacing any previous one. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *FileUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		u.File = NewFile()
		return u.File
	}
	panic("Unknown field index")
}

func (*FileUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*FileUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*FileUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*FileUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*FileUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the File branch as
// {"File": ...}. Any other UnionType is an error.
func (u *FileUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != FileUnionTypeEnumFile {
		return nil, fmt.Errorf("invalid value for *FileUnion")
	}
	return json.Marshal(map[string]interface{}{"File": u.File})
}

// UnmarshalJSON expects a JSON object with a "File" key. Other keys in the
// object are ignored, and input without that key is rejected.
func (u *FileUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["File"]
	if !ok {
		return fmt.Errorf("invalid value for *FileUnion")
	}
	u.UnionType = FileUnionTypeEnumFile
	return json.Unmarshal([]byte(value), &u.File)
}
--------------------------------------------------------------------------------
/go/sfgo/flat_record.go:
--------------------------------------------------------------------------------
package sfgo

// Constants.
// Short attribute names, each aliasing the file-event (EV_FILE_*) or
// file-flow (FL_FILE_*) attribute of the same suffix.
const (
	TS_INT      Attribute = EV_FILE_TS_INT
	TID_INT     Attribute = EV_FILE_TID_INT
	OPFLAGS_INT Attribute = EV_FILE_OPFLAGS_INT
	RET_INT     Attribute = EV_FILE_RET_INT

	ENDTS_INT         Attribute = FL_FILE_ENDTS_INT
	FD_INT            Attribute = FL_FILE_FD_INT
	NUMRRECVOPS_INT   Attribute = FL_FILE_NUMRRECVOPS_INT
	NUMWSENDOPS_INT   Attribute = FL_FILE_NUMWSENDOPS_INT
	NUMRRECVBYTES_INT Attribute = FL_FILE_NUMRRECVBYTES_INT
	NUMWSENDBYTES_INT Attribute = FL_FILE_NUMWSENDBYTES_INT

	/* HEADER int64 = 0
	CONT int64 = 1
	PROC int64 = 2
	FILE int64 = 3
	PROC_EVT int64 = 4
	NET_FLOW int64 = 5
	FILE_FLOW int64 = 6
	FILE_EVT int64 = 7
	*/
)

// sftypes is used to obtain zero values for types used during flattening.
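type sftypes struct {
	Int64  int64
	String string
	Any    interface{}
}

// Zeros is a zero-initialized struct used to obtain zero values for types used during flattening.
var Zeros = sftypes{}

// Source denotes a data source type
type Source uint32

// FlatRecord is a multi-source flat record
type FlatRecord struct {
	Sources    []Source
	Ints       [][]int64
	Strs       [][]string
	Anys       [][]interface{}
	Ptree      []*Process
	GraphletID uint64
}
--------------------------------------------------------------------------------
/go/sfgo/foid.go:
--------------------------------------------------------------------------------
// Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"github.com/actgardner/gogen-avro/v7/vm/types"
	"io"
)

// writeFOID writes the 20 raw bytes of r to w.
func writeFOID(r FOID, w io.Writer) error {
	_, err := w.Write(r[:])
	return err
}

// FOIDWrapper lets a decoder fill the FOID that Target points to.
type FOIDWrapper struct {
	Target *FOID
}

// FOID is a fixed 20-byte identifier.
type FOID [20]byte

func (_ *FOIDWrapper) SetBoolean(v bool)   { panic("Unsupported operation") }
func (_ *FOIDWrapper) SetInt(v int32)      { panic("Unsupported operation") }
func (_ *FOIDWrapper) SetLong(v int64)     { panic("Unsupported operation") }
func (_ *FOIDWrapper) SetFloat(v float32)  { panic("Unsupported operation") }
func (_ *FOIDWrapper) SetDouble(v float64) { panic("Unsupported operation") }

// SetBytes copies v into the target. copy moves at most 20 bytes, so a longer
// v is silently truncated and a shorter v leaves the remaining bytes of the
// target as they were. The length of v is not checked here.
func (r *FOIDWrapper) SetBytes(v []byte) {
	copy((*r.Target)[:], v)
}
func (_ *FOIDWrapper) SetString(v string)               { panic("Unsupported operation") }
func (_ *FOIDWrapper) SetUnionElem(v int64)             { panic("Unsupported operation") }
func (_ *FOIDWrapper) Get(i int) types.Field            { panic("Unsupported operation") }
func (_ *FOIDWrapper) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (_ *FOIDWrapper) AppendArray() types.Field         { panic("Unsupported operation") }
func (_ *FOIDWrapper) NullField(int)                    { panic("Unsupported operation") }
func (_ *FOIDWrapper) Finalize()                        {}
func (_ *FOIDWrapper) SetDefault(i int)                 { panic("Unsupported operation") }
--------------------------------------------------------------------------------
/go/sfgo/k8s_event_container.go:
--------------------------------------------------------------------------------
// Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewK8sEventWriter returns a container writer on writer that uses the
// K8sEvent schema, with the given codec and block size.
func NewK8sEventWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	str := NewK8sEvent()
	return container.NewWriter(writer, codec, recordsPerBlock, str.Schema())
}

// container reader
type K8sEventReader struct {
	r io.Reader
	p *vm.Program
}

// NewK8sEventReader opens the container on r and compiles a decoding program
// from the schema carried in the container and this package's K8sEvent
// schema. The container schema comes from the input, and no size or time
// limit is applied in this file.
func NewK8sEventReader(r io.Reader) (*K8sEventReader, error) {
	containerReader, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	t := NewK8sEvent()
	deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema()))
	if err != nil {
		return nil, err
	}

	return &K8sEventReader{
		r: containerReader,
		p: deser,
	}, nil
}

// Read decodes the next K8sEvent. The record is returned even when err is
// non-nil and may then be only partly filled, so check err before using it.
func (r K8sEventReader) Read() (*K8sEvent, error) {
	t := NewK8sEvent()
	err := vm.Eval(r.r, r.p, t)
	return t, err
}
--------------------------------------------------------------------------------
/go/sfgo/map_string.go:
--------------------------------------------------------------------------------
// Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
	"io"
)

// writeMapString writes the entry count, then each key and value, then a
// closing 0. An empty map is written as the single count 0.
func writeMapString(r map[string]string, w io.Writer) error {
	err := vm.WriteLong(int64(len(r)), w)
	if err != nil || len(r) == 0 {
		return err
	}
	for k, e := range r {
		err = vm.WriteString(k, w)
		if err != nil {
			return err
		}
		err = vm.WriteString(e, w)
		if err != nil {
			return err
		}
	}
	return vm.WriteLong(0, w)
}

// MapStringWrapper collects decoded key/value pairs and stores them in
// *Target when Finalize runs. keys and values grow by one entry per
// AppendMap call, and nothing here caps that growth.
type MapStringWrapper struct {
	Target *map[string]string
	keys   []string
	values []string
}

func (_ *MapStringWrapper) SetBoolean(v bool)     { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetInt(v int32)        { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetLong(v int64)       { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetFloat(v float32)    { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetDouble(v float64)   { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetBytes(v []byte)     { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetString(v string)    { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetUnionElem(v int64)  { panic("Unsupported operation") }
func (_ *MapStringWrapper) Get(i int) types.Field { panic("Unsupported operation") }
func (_ *MapStringWrapper) SetDefault(i int)      { panic("Unsupported operation") }

func (r *MapStringWrapper) NullField(_ int) {
	panic("Unsupported operation")
}

// Finalize copies the collected pairs into *Target. A key that was appended
// more than once ends up with its last value.
// NOTE(review): this assumes *Target is a non-nil map; confirm the caller
// initializes it.
func (r *MapStringWrapper) Finalize() {
	for i := range r.keys {
		(*r.Target)[r.keys[i]] = r.values[i]
	}
}

// AppendMap records key and returns a field that writes into the matching
// value slot. The returned field points into r.values, and a later append can
// move the backing array, so the value has to be stored before AppendMap is
// called again.
// NOTE(review): confirm the decoder does so.
func (r *MapStringWrapper) AppendMap(key string) types.Field {
	r.keys = append(r.keys, key)
	var v string
	r.values = append(r.values, v)
	return &types.String{Target: &r.values[len(r.values)-1]}
}

func (_ *MapStringWrapper) AppendArray() types.Field { panic("Unsupported operation") }
--------------------------------------------------------------------------------
/go/sfgo/marshal.go:
--------------------------------------------------------------------------------
package sfgo

import (
	"encoding/json"
)

// getIPStrArray formats every address in *ips with GetIPStr. A nil pointer
// yields an empty slice instead of a nil dereference. Each int64 is converted
// to int32 before formatting, which keeps only its low 32 bits.
func getIPStrArray(ips *[]int64) []string {
	if ips == nil {
		return []string{}
	}
	strs := make([]string, len(*ips))
	for i, ip := range *ips {
		strs[i] = GetIPStr(int32(ip))
	}
	return strs
}

// MarshalJSON encodes a Service with its cluster IPs rendered as strings.
// Like the generated union types in this package, a nil receiver encodes as
// JSON null rather than panicking on the field reads below.
func (s *Service) MarshalJSON() ([]byte, error) {
	if s == nil {
		return []byte("null"), nil
	}
	return json.Marshal(&struct {
		ClusterIP []string `json:"clusterip"`
		Name      string   `json:"name"`
		Id        string   `json:"id"`
		Namespace string   `json:"namespace"`
		PortList  []*Port  `json:"portList"`
	}{
		ClusterIP: getIPStrArray(&s.ClusterIP),
		Name:      s.Name,
		Id:        s.Id,
		Namespace: s.Namespace,
		PortList:  s.PortList,
	})
}
--------------------------------------------------------------------------------
/go/sfgo/ne_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.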
/*
 * SOURCES:
 *     GraphletRecord.avsc
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// NeUnionTypeEnum is the branch index stored in NeUnion.UnionType.
type NeUnionTypeEnum int

// NeUnionTypeEnumNetworkEvent (index 1) selects the NetworkEvent branch.
// writeNeUnion emits index 0 for a nil union.
const NeUnionTypeEnumNetworkEvent NeUnionTypeEnum = 1

// NeUnion holds either nothing or a NetworkEvent, selected by UnionType.
type NeUnion struct {
	Null         *types.NullVal
	NetworkEvent *NetworkEvent
	UnionType    NeUnionTypeEnum
}

// writeNeUnion writes the branch index followed by the selected branch.
// A nil union is written as index 0. The index is written before it is
// validated, so an unknown UnionType leaves that index on w and returns an error.
func writeNeUnion(r *NeUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == NeUnionTypeEnumNetworkEvent {
		return writeNetworkEvent(r.NetworkEvent, w)
	}
	return fmt.Errorf("invalid value for *NeUnion")
}

// NewNeUnion returns an empty union with no branch selected.
func NewNeUnion() *NeUnion {
	return new(NeUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*NeUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*NeUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*NeUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*NeUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*NeUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*NeUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than NeUnionTypeEnumNetworkEvent is rejected only later, by
// writeNeUnion or MarshalJSON.
func (u *NeUnion) SetLong(v int64) {
	u.UnionType = NeUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 allocates a fresh
// NetworkEvent, replacing any previous one. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *NeUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		u.NetworkEvent = NewNetworkEvent()
		return u.NetworkEvent
	}
	panic("Unknown field index")
}

func (*NeUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*NeUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*NeUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*NeUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*NeUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the NetworkEvent branch as
// {"NetworkEvent": ...}. Any other UnionType is an error.
func (u *NeUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != NeUnionTypeEnumNetworkEvent {
		return nil, fmt.Errorf("invalid value for *NeUnion")
	}
	return json.Marshal(map[string]interface{}{"NetworkEvent": u.NetworkEvent})
}

// UnmarshalJSON expects a JSON object with a "NetworkEvent" key. Other keys
// in the object are ignored, and input without that key is rejected.
func (u *NeUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["NetworkEvent"]
	if !ok {
		return fmt.Errorf("invalid value for *NeUnion")
	}
	u.UnionType = NeUnionTypeEnumNetworkEvent
	return json.Unmarshal([]byte(value), &u.NetworkEvent)
}
--------------------------------------------------------------------------------
/go/sfgo/network_event_container.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewNetworkEventWriter returns a container writer on writer that uses the
// NetworkEvent schema, with the given codec and block size.
func NewNetworkEventWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	return container.NewWriter(writer, codec, recordsPerBlock, NewNetworkEvent().Schema())
}

// NetworkEventReader reads NetworkEvent records from an Avro container.
type NetworkEventReader struct {
	r io.Reader
	p *vm.Program
}

// NewNetworkEventReader opens the container on r and compiles a decoding
// program from the schema carried in the container and this package's
// NetworkEvent schema. The container schema comes from the input, so the
// decoding program is partly shaped by whoever produced the stream. No size
// or time limit is applied in this file.
func NewNetworkEventReader(r io.Reader) (*NetworkEventReader, error) {
	src, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	record := NewNetworkEvent()
	embedded := []byte(src.AvroContainerSchema())
	expected := []byte(record.Schema())
	prog, err := compiler.CompileSchemaBytes(embedded, expected)
	if err != nil {
		return nil, err
	}

	return &NetworkEventReader{r: src, p: prog}, nil
}

// Read decodes the next NetworkEvent. The record is returned even when err
// is non-nil and may then be only partly filled, so check err before using it.
func (r NetworkEventReader) Read() (*NetworkEvent, error) {
	rec := NewNetworkEvent()
	return rec, vm.Eval(r.r, r.p, rec)
}
--------------------------------------------------------------------------------
/go/sfgo/network_flow_container.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"io"

	"github.com/actgardner/gogen-avro/v7/compiler"
	"github.com/actgardner/gogen-avro/v7/container"
	"github.com/actgardner/gogen-avro/v7/vm"
)

// NewNetworkFlowWriter returns a container writer on writer that uses the
// NetworkFlow schema, with the given codec and block size.
func NewNetworkFlowWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) {
	return container.NewWriter(writer, codec, recordsPerBlock, NewNetworkFlow().Schema())
}

// NetworkFlowReader reads NetworkFlow records from an Avro container.
type NetworkFlowReader struct {
	r io.Reader
	p *vm.Program
}

// NewNetworkFlowReader opens the container on r and compiles a decoding
// program from the schema carried in the container and this package's
// NetworkFlow schema. The container schema comes from the input, so the
// decoding program is partly shaped by whoever produced the stream. No size
// or time limit is applied in this file.
func NewNetworkFlowReader(r io.Reader) (*NetworkFlowReader, error) {
	src, err := container.NewReader(r)
	if err != nil {
		return nil, err
	}

	record := NewNetworkFlow()
	embedded := []byte(src.AvroContainerSchema())
	expected := []byte(record.Schema())
	prog, err := compiler.CompileSchemaBytes(embedded, expected)
	if err != nil {
		return nil, err
	}

	return &NetworkFlowReader{r: src, p: prog}, nil
}

// Read decodes the next NetworkFlow. The record is returned even when err is
// non-nil and may then be only partly filled, so check err before using it.
func (r NetworkFlowReader) Read() (*NetworkFlow, error) {
	rec := NewNetworkFlow()
	return rec, vm.Eval(r.r, r.p, rec)
}
--------------------------------------------------------------------------------
/go/sfgo/new_file_oid_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCE:
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// NewFileOIDUnionTypeEnum is the branch index stored in NewFileOIDUnion.UnionType.
type NewFileOIDUnionTypeEnum int

// NewFileOIDUnionTypeEnumFOID (index 1) selects the FOID branch.
// writeNewFileOIDUnion emits index 0 for a nil union.
const NewFileOIDUnionTypeEnumFOID NewFileOIDUnionTypeEnum = 1

// NewFileOIDUnion holds either nothing or a FOID, selected by UnionType.
// The FOID is stored by value, not behind a pointer.
type NewFileOIDUnion struct {
	Null      *types.NullVal
	FOID      FOID
	UnionType NewFileOIDUnionTypeEnum
}

// writeNewFileOIDUnion writes the branch index followed by the selected
// branch. A nil union is written as index 0. The index is written before it
// is validated, so an unknown UnionType leaves that index on w and returns an
// error.
func writeNewFileOIDUnion(r *NewFileOIDUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == NewFileOIDUnionTypeEnumFOID {
		return writeFOID(r.FOID, w)
	}
	return fmt.Errorf("invalid value for *NewFileOIDUnion")
}

// NewNewFileOIDUnion returns an empty union with no branch selected.
func NewNewFileOIDUnion() *NewFileOIDUnion {
	return new(NewFileOIDUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*NewFileOIDUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than NewFileOIDUnionTypeEnumFOID is rejected only later, by
// writeNewFileOIDUnion or MarshalJSON.
func (u *NewFileOIDUnion) SetLong(v int64) {
	u.UnionType = NewFileOIDUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 wraps the embedded FOID so the
// decoder can fill it in place. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *NewFileOIDUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		return &FOIDWrapper{Target: &u.FOID}
	}
	panic("Unknown field index")
}

func (*NewFileOIDUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*NewFileOIDUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*NewFileOIDUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*NewFileOIDUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*NewFileOIDUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the FOID branch as
// {"FOID": ...}. Any other UnionType is an error.
func (u *NewFileOIDUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != NewFileOIDUnionTypeEnumFOID {
		return nil, fmt.Errorf("invalid value for *NewFileOIDUnion")
	}
	return json.Marshal(map[string]interface{}{"FOID": u.FOID})
}

// UnmarshalJSON expects a JSON object with a "FOID" key. Other keys in the
// object are ignored, and input without that key is rejected.
func (u *NewFileOIDUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["FOID"]
	if !ok {
		return fmt.Errorf("invalid value for *NewFileOIDUnion")
	}
	u.UnionType = NewFileOIDUnionTypeEnumFOID
	return json.Unmarshal([]byte(value), &u.FOID)
}
--------------------------------------------------------------------------------
/go/sfgo/newfile_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
/*
 * SOURCES:
 *     GraphletRecord.avsc
 *     SysFlow.avsc
 */
package sfgo

import (
	"encoding/json"
	"fmt"
	"io"

	"github.com/actgardner/gogen-avro/v7/vm"
	"github.com/actgardner/gogen-avro/v7/vm/types"
)

// NewfileUnionTypeEnum is the branch index stored in NewfileUnion.UnionType.
type NewfileUnionTypeEnum int

// NewfileUnionTypeEnumFile (index 1) selects the File branch.
// writeNewfileUnion emits index 0 for a nil union.
const NewfileUnionTypeEnumFile NewfileUnionTypeEnum = 1

// NewfileUnion holds either nothing or a File, selected by UnionType.
type NewfileUnion struct {
	Null      *types.NullVal
	File      *File
	UnionType NewfileUnionTypeEnum
}

// writeNewfileUnion writes the branch index followed by the selected branch.
// A nil union is written as index 0. The index is written before it is
// validated, so an unknown UnionType leaves that index on w and returns an error.
func writeNewfileUnion(r *NewfileUnion, w io.Writer) error {
	if r == nil {
		return vm.WriteLong(0, w)
	}
	if err := vm.WriteLong(int64(r.UnionType), w); err != nil {
		return err
	}
	if r.UnionType == NewfileUnionTypeEnumFile {
		return writeFile(r.File, w)
	}
	return fmt.Errorf("invalid value for *NewfileUnion")
}

// NewNewfileUnion returns an empty union with no branch selected.
func NewNewfileUnion() *NewfileUnion {
	return new(NewfileUnion)
}

// The scalar setters below do not apply to a union and panic when called.
func (*NewfileUnion) SetBoolean(v bool)   { panic("Unsupported operation") }
func (*NewfileUnion) SetInt(v int32)      { panic("Unsupported operation") }
func (*NewfileUnion) SetFloat(v float32)  { panic("Unsupported operation") }
func (*NewfileUnion) SetDouble(v float64) { panic("Unsupported operation") }
func (*NewfileUnion) SetBytes(v []byte)   { panic("Unsupported operation") }
func (*NewfileUnion) SetString(v string)  { panic("Unsupported operation") }

// SetLong stores v as the branch index without range-checking it. An index
// other than NewfileUnionTypeEnumFile is rejected only later, by
// writeNewfileUnion or MarshalJSON.
func (u *NewfileUnion) SetLong(v int64) {
	u.UnionType = NewfileUnionTypeEnum(v)
}

// Get returns the field for branch i. Branch 1 allocates a fresh File,
// replacing any previous one. Every other index panics.
// NOTE(review): if i can come from untrusted input, confirm the decoder that
// drives Get recovers from this panic.
func (u *NewfileUnion) Get(i int) types.Field {
	if i == 0 {
		return u.Null
	}
	if i == 1 {
		u.File = NewFile()
		return u.File
	}
	panic("Unknown field index")
}

func (*NewfileUnion) NullField(i int)                  { panic("Unsupported operation") }
func (*NewfileUnion) SetDefault(i int)                 { panic("Unsupported operation") }
func (*NewfileUnion) AppendMap(key string) types.Field { panic("Unsupported operation") }
func (*NewfileUnion) AppendArray() types.Field         { panic("Unsupported operation") }

// Finalize is a no-op for this union.
func (*NewfileUnion) Finalize() {}

// MarshalJSON encodes a nil union as null and the File branch as
// {"File": ...}. Any other UnionType is an error.
func (u *NewfileUnion) MarshalJSON() ([]byte, error) {
	if u == nil {
		return []byte("null"), nil
	}
	if u.UnionType != NewfileUnionTypeEnumFile {
		return nil, fmt.Errorf("invalid value for *NewfileUnion")
	}
	return json.Marshal(map[string]interface{}{"File": u.File})
}

// UnmarshalJSON expects a JSON object with a "File" key. Other keys in the
// object are ignored, and input without that key is rejected.
func (u *NewfileUnion) UnmarshalJSON(data []byte) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(data, &fields); err != nil {
		return err
	}
	value, ok := fields["File"]
	if !ok {
		return fmt.Errorf("invalid value for *NewfileUnion")
	}
	u.UnionType = NewfileUnionTypeEnumFile
	return json.Unmarshal([]byte(value), &u.File)
}
--------------------------------------------------------------------------------
/go/sfgo/nf_union.go:
--------------------------------------------------------------------------------
1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT.
2 | /* 3 | * SOURCES: 4 | * GraphletRecord.avsc 5 | * SysFlow.avsc 6 | */ 7 | package sfgo 8 | 9 | import ( 10 | "encoding/json" 11 | "fmt" 12 | "io" 13 | 14 | "github.com/actgardner/gogen-avro/v7/vm" 15 | "github.com/actgardner/gogen-avro/v7/vm/types" 16 | ) 17 | 18 | type NfUnionTypeEnum int 19 | 20 | const ( 21 | NfUnionTypeEnumNetworkFlow NfUnionTypeEnum = 1 22 | ) 23 | 24 | type NfUnion struct { 25 | Null *types.NullVal 26 | NetworkFlow *NetworkFlow 27 | UnionType NfUnionTypeEnum 28 | } 29 | 30 | func writeNfUnion(r *NfUnion, w io.Writer) error { 31 | 32 | if r == nil { 33 | err := vm.WriteLong(0, w) 34 | return err 35 | } 36 | 37 | err := vm.WriteLong(int64(r.UnionType), w) 38 | if err != nil { 39 | return err 40 | } 41 | switch r.UnionType { 42 | case NfUnionTypeEnumNetworkFlow: 43 | return writeNetworkFlow(r.NetworkFlow, w) 44 | } 45 | return fmt.Errorf("invalid value for *NfUnion") 46 | } 47 | 48 | func NewNfUnion() *NfUnion { 49 | return &NfUnion{} 50 | } 51 | 52 | func (_ *NfUnion) SetBoolean(v bool) { panic("Unsupported operation") } 53 | func (_ *NfUnion) SetInt(v int32) { panic("Unsupported operation") } 54 | func (_ *NfUnion) SetFloat(v float32) { panic("Unsupported operation") } 55 | func (_ *NfUnion) SetDouble(v float64) { panic("Unsupported operation") } 56 | func (_ *NfUnion) SetBytes(v []byte) { panic("Unsupported operation") } 57 | func (_ *NfUnion) SetString(v string) { panic("Unsupported operation") } 58 | func (r *NfUnion) SetLong(v int64) { 59 | r.UnionType = (NfUnionTypeEnum)(v) 60 | } 61 | func (r *NfUnion) Get(i int) types.Field { 62 | switch i { 63 | case 0: 64 | return r.Null 65 | case 1: 66 | r.NetworkFlow = NewNetworkFlow() 67 | return r.NetworkFlow 68 | } 69 | panic("Unknown field index") 70 | } 71 | func (_ *NfUnion) NullField(i int) { panic("Unsupported operation") } 72 | func (_ *NfUnion) SetDefault(i int) { panic("Unsupported operation") } 73 | func (_ *NfUnion) AppendMap(key string) types.Field { panic("Unsupported operation") 
} 74 | func (_ *NfUnion) AppendArray() types.Field { panic("Unsupported operation") } 75 | func (_ *NfUnion) Finalize() {} 76 | 77 | func (r *NfUnion) MarshalJSON() ([]byte, error) { 78 | if r == nil { 79 | return []byte("null"), nil 80 | } 81 | switch r.UnionType { 82 | case NfUnionTypeEnumNetworkFlow: 83 | return json.Marshal(map[string]interface{}{"NetworkFlow": r.NetworkFlow}) 84 | } 85 | return nil, fmt.Errorf("invalid value for *NfUnion") 86 | } 87 | 88 | func (r *NfUnion) UnmarshalJSON(data []byte) error { 89 | var fields map[string]json.RawMessage 90 | if err := json.Unmarshal(data, &fields); err != nil { 91 | return err 92 | } 93 | if value, ok := fields["NetworkFlow"]; ok { 94 | r.UnionType = 1 95 | return json.Unmarshal([]byte(value), &r.NetworkFlow) 96 | } 97 | return fmt.Errorf("invalid value for *NfUnion") 98 | } 99 | -------------------------------------------------------------------------------- /go/sfgo/oid.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "github.com/actgardner/gogen-avro/v7/compiler" 10 | "github.com/actgardner/gogen-avro/v7/vm" 11 | "github.com/actgardner/gogen-avro/v7/vm/types" 12 | "io" 13 | ) 14 | 15 | type OID struct { 16 | CreateTS int64 `json:"createTS"` 17 | 18 | Hpid int64 `json:"hpid"` 19 | } 20 | 21 | const OIDAvroCRC64Fingerprint = "\x98ׅf\x87\xe7\u0602" 22 | 23 | func NewOID() *OID { 24 | return &OID{} 25 | } 26 | 27 | func DeserializeOID(r io.Reader) (*OID, error) { 28 | t := NewOID() 29 | deser, err := compiler.CompileSchemaBytes([]byte(t.Schema()), []byte(t.Schema())) 30 | if err != nil { 31 | return nil, err 32 | } 33 | 34 | err = vm.Eval(r, deser, t) 35 | if err != nil { 36 | return nil, err 37 | } 38 | return t, err 39 | } 40 | 41 | func DeserializeOIDFromSchema(r io.Reader, schema string) (*OID, error) { 42 | t := NewOID() 43 | 44 | deser, err := compiler.CompileSchemaBytes([]byte(schema), []byte(t.Schema())) 45 | if err != nil { 46 | return nil, err 47 | } 48 | 49 | err = vm.Eval(r, deser, t) 50 | if err != nil { 51 | return nil, err 52 | } 53 | return t, err 54 | } 55 | 56 | func writeOID(r *OID, w io.Writer) error { 57 | var err error 58 | err = vm.WriteLong(r.CreateTS, w) 59 | if err != nil { 60 | return err 61 | } 62 | err = vm.WriteLong(r.Hpid, w) 63 | if err != nil { 64 | return err 65 | } 66 | return err 67 | } 68 | 69 | func (r *OID) Serialize(w io.Writer) error { 70 | return writeOID(r, w) 71 | } 72 | 73 | func (r *OID) Schema() string { 74 | return "{\"fields\":[{\"name\":\"createTS\",\"type\":\"long\"},{\"name\":\"hpid\",\"type\":\"long\"}],\"name\":\"sysflow.type.OID\",\"type\":\"record\"}" 75 | } 76 | 77 | func (r *OID) SchemaName() string { 78 | return "sysflow.type.OID" 79 | } 80 | 81 | func (_ *OID) SetBoolean(v bool) { panic("Unsupported operation") } 82 | func (_ *OID) SetInt(v int32) { panic("Unsupported operation") } 83 | func (_ *OID) SetLong(v int64) { panic("Unsupported 
operation") } 84 | func (_ *OID) SetFloat(v float32) { panic("Unsupported operation") } 85 | func (_ *OID) SetDouble(v float64) { panic("Unsupported operation") } 86 | func (_ *OID) SetBytes(v []byte) { panic("Unsupported operation") } 87 | func (_ *OID) SetString(v string) { panic("Unsupported operation") } 88 | func (_ *OID) SetUnionElem(v int64) { panic("Unsupported operation") } 89 | 90 | func (r *OID) Get(i int) types.Field { 91 | switch i { 92 | case 0: 93 | return &types.Long{Target: &r.CreateTS} 94 | case 1: 95 | return &types.Long{Target: &r.Hpid} 96 | } 97 | panic("Unknown field index") 98 | } 99 | 100 | func (r *OID) SetDefault(i int) { 101 | switch i { 102 | } 103 | panic("Unknown field index") 104 | } 105 | 106 | func (r *OID) NullField(i int) { 107 | switch i { 108 | } 109 | panic("Not a nullable field index") 110 | } 111 | 112 | func (_ *OID) AppendMap(key string) types.Field { panic("Unsupported operation") } 113 | func (_ *OID) AppendArray() types.Field { panic("Unsupported operation") } 114 | func (_ *OID) Finalize() {} 115 | 116 | func (_ *OID) AvroCRC64Fingerprint() []byte { 117 | return []byte(OIDAvroCRC64Fingerprint) 118 | } 119 | -------------------------------------------------------------------------------- /go/sfgo/oid_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewOIDWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewOID() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type OIDReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewOIDReader(r io.Reader) (*OIDReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewOID() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &OIDReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r OIDReader) Read() (*OID, error) { 46 | t := NewOID() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/op_flags.go: -------------------------------------------------------------------------------- 1 | package sfgo 2 | 3 | // OpFlag bitmap constants. 4 | const ( 5 | OP_CLONE = (1 << 0) 6 | OP_EXEC = (1 << 1) 7 | OP_EXIT = (1 << 2) 8 | OP_SETUID = (1 << 3) 9 | OP_SETNS = (1 << 4) 10 | OP_ACCEPT = (1 << 5) 11 | OP_CONNECT = (1 << 6) 12 | OP_OPEN = (1 << 7) 13 | OP_READ_RECV = (1 << 8) 14 | OP_WRITE_SEND = (1 << 9) 15 | OP_CLOSE = (1 << 10) 16 | OP_TRUNCATE = (1 << 11) 17 | OP_SHUTDOWN = (1 << 12) 18 | OP_MMAP = (1 << 13) 19 | OP_DIGEST = (1 << 14) 20 | OP_MKDIR = (1 << 15) 21 | OP_RMDIR = (1 << 16) 22 | OP_LINK = (1 << 17) 23 | OP_UNLINK = (1 << 18) 24 | OP_SYMLINK = (1 << 19) 25 | OP_RENAME = (1 << 20) 26 | ) 27 | 28 | // OpFlag string constants.
// Full operation names, one per operation.
const (
	OpFlagMkdir    = "MKDIR"
	OpFlagRmdir    = "RMDIR"
	OpFlagLink     = "LINK"
	OpFlagSymlink  = "SYMLINK"
	OpFlagUnlink   = "UNLINK"
	OpFlagRename   = "RENAME"
	OpFlagClone    = "CLONE"
	OpFlagExec     = "EXEC"
	OpFlagExit     = "EXIT"
	OpFlagSetuid   = "SETUID"
	OpFlagOpen     = "OPEN"
	OpFlagAccept   = "ACCEPT"
	OpFlagConnect  = "CONNECT"
	OpFlagWrite    = "WRITE"
	OpFlagSend     = "SEND"
	OpFlagRead     = "READ"
	OpFlagReceive  = "RECV"
	OpFlagSetns    = "SETNS"
	OpFlagMmap     = "MMAP"
	OpFlagShutdown = "SHUTDOWN"
	OpFlagClose    = "CLOSE"
	OpFlagTruncate = "TRUNCATE"
	OpFlagDigest   = "DIGEST"
)

// Single-character operation codes.
//
// NOTE(review): OpFlagConnectChar and OpFlagCloseChar are both "C", so the
// character alone does not tell a connect from a close. Presumably the
// consumer disambiguates by position in the flag string; confirm against
// the code that builds and parses it before relying on these in a rule.
const (
	OpFlagOpenChar     = "O"
	OpFlagAcceptChar   = "A"
	OpFlagConnectChar  = "C"
	OpFlagWSendChar    = "W"
	OpFlagRReceiveChar = "R"
	OpFlagSetnsChar    = "N"
	OpFlagMmapChar     = "M"
	OpFlagShutdownChar = "S"
	OpFlagCloseChar    = "C"
	OpFlagTruncateChar = "T"
	OpFlagDigestChar   = "D"
)

// OpFlagEmpty is the empty operation string.
const OpFlagEmpty = ""

// OpFlag event type constants.
68 | const ( 69 | EvTypeMkdir = "mkdir" 70 | EvTypeRmdir = "rmdir" 71 | EvTypeLink = "link" 72 | EvTypeSymlink = "symlink" 73 | EvTypeUnlink = "unlink" 74 | EvTypeRename = "rename" 75 | EvTypeClone = "clone" 76 | EvTypeExec = "execve" 77 | EvTypeExit = "exit" 78 | EvTypeSetuid = "setuid" 79 | EvTypeOpen = "open" 80 | EvTypeAccept = "accept" 81 | EvTypeConnect = "connect" 82 | EvTypeWrite = "write" 83 | EvTypeSend = "send" 84 | EvTypeRead = "read" 85 | EvTypeReceive = "recv" 86 | EvTypeSetns = "setns" 87 | EvTypeMmap = "mmap" 88 | EvTypeShutdown = "shutdown" 89 | EvTypeClose = "close" 90 | ) 91 | -------------------------------------------------------------------------------- /go/sfgo/open_flags.go: -------------------------------------------------------------------------------- 1 | package sfgo 2 | 3 | // Open Flags 4 | const ( 5 | O_NONE = (0) 6 | O_RDONLY = (1 << 0) // Open for reading only 7 | O_WRONLY = (1 << 1) // Open for writing only 8 | O_RDWR = (O_RDONLY | O_WRONLY) // Open for reading and writing 9 | O_CREAT = (1 << 2) // Create a new file if it doesn't exist. 10 | O_APPEND = (1 << 3) // If set, the file offset shall be set to the end of the file prior to each write. 11 | O_DSYNC = (1 << 4) 12 | O_EXCL = (1 << 5) 13 | O_NONBLOCK = (1 << 6) 14 | O_SYNC = (1 << 7) 15 | O_TRUNC = (1 << 8) 16 | O_DIRECT = (1 << 9) 17 | O_DIRECTORY = (1 << 10) 18 | O_LARGEFILE = (1 << 11) 19 | O_CLOEXEC = (1 << 12) 20 | ) 21 | 22 | // OpenFlag string constants. 
23 | const ( 24 | OpenFlagNone = "NONE" 25 | OpenFlagRdonly = "RDONLY" 26 | OpenFlagWronly = "WRONLY" 27 | OpenFlagRdwr = "RDWR" 28 | OpenFlagCreat = "CREAT" 29 | OpenFlagExcl = "EXCL" 30 | OpenFlagTrunc = "TRUNC" 31 | OpenFlagAppend = "APPEND" 32 | OpenFlagNonBlock = "NONBLOCK" 33 | OpenFlagDsync = "DSYNC" 34 | OpenFlagDirect = "DIRECT" 35 | OpenFlagLargefile = "LARGEFILE" 36 | OpenFlagDir = "DIRECTORY" 37 | OpenFlagCloexec = "CLOEXEC" 38 | OpenFlagSync = "SYNC" 39 | ) 40 | -------------------------------------------------------------------------------- /go/sfgo/pe_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 2 | /* 3 | * SOURCES: 4 | * GraphletRecord.avsc 5 | * SysFlow.avsc 6 | */ 7 | package sfgo 8 | 9 | import ( 10 | "encoding/json" 11 | "fmt" 12 | "io" 13 | 14 | "github.com/actgardner/gogen-avro/v7/vm" 15 | "github.com/actgardner/gogen-avro/v7/vm/types" 16 | ) 17 | 18 | type PeUnionTypeEnum int 19 | 20 | const ( 21 | PeUnionTypeEnumProcessEvent PeUnionTypeEnum = 1 22 | ) 23 | 24 | type PeUnion struct { 25 | Null *types.NullVal 26 | ProcessEvent *ProcessEvent 27 | UnionType PeUnionTypeEnum 28 | } 29 | 30 | func writePeUnion(r *PeUnion, w io.Writer) error { 31 | 32 | if r == nil { 33 | err := vm.WriteLong(0, w) 34 | return err 35 | } 36 | 37 | err := vm.WriteLong(int64(r.UnionType), w) 38 | if err != nil { 39 | return err 40 | } 41 | switch r.UnionType { 42 | case PeUnionTypeEnumProcessEvent: 43 | return writeProcessEvent(r.ProcessEvent, w) 44 | } 45 | return fmt.Errorf("invalid value for *PeUnion") 46 | } 47 | 48 | func NewPeUnion() *PeUnion { 49 | return &PeUnion{} 50 | } 51 | 52 | func (_ *PeUnion) SetBoolean(v bool) { panic("Unsupported operation") } 53 | func (_ *PeUnion) SetInt(v int32) { panic("Unsupported operation") } 54 | func (_ *PeUnion) SetFloat(v float32) { panic("Unsupported operation") } 55 | func (_ *PeUnion) SetDouble(v 
float64) { panic("Unsupported operation") } 56 | func (_ *PeUnion) SetBytes(v []byte) { panic("Unsupported operation") } 57 | func (_ *PeUnion) SetString(v string) { panic("Unsupported operation") } 58 | func (r *PeUnion) SetLong(v int64) { 59 | r.UnionType = (PeUnionTypeEnum)(v) 60 | } 61 | func (r *PeUnion) Get(i int) types.Field { 62 | switch i { 63 | case 0: 64 | return r.Null 65 | case 1: 66 | r.ProcessEvent = NewProcessEvent() 67 | return r.ProcessEvent 68 | } 69 | panic("Unknown field index") 70 | } 71 | func (_ *PeUnion) NullField(i int) { panic("Unsupported operation") } 72 | func (_ *PeUnion) SetDefault(i int) { panic("Unsupported operation") } 73 | func (_ *PeUnion) AppendMap(key string) types.Field { panic("Unsupported operation") } 74 | func (_ *PeUnion) AppendArray() types.Field { panic("Unsupported operation") } 75 | func (_ *PeUnion) Finalize() {} 76 | 77 | func (r *PeUnion) MarshalJSON() ([]byte, error) { 78 | if r == nil { 79 | return []byte("null"), nil 80 | } 81 | switch r.UnionType { 82 | case PeUnionTypeEnumProcessEvent: 83 | return json.Marshal(map[string]interface{}{"ProcessEvent": r.ProcessEvent}) 84 | } 85 | return nil, fmt.Errorf("invalid value for *PeUnion") 86 | } 87 | 88 | func (r *PeUnion) UnmarshalJSON(data []byte) error { 89 | var fields map[string]json.RawMessage 90 | if err := json.Unmarshal(data, &fields); err != nil { 91 | return err 92 | } 93 | if value, ok := fields["ProcessEvent"]; ok { 94 | r.UnionType = 1 95 | return json.Unmarshal([]byte(value), &r.ProcessEvent) 96 | } 97 | return fmt.Errorf("invalid value for *PeUnion") 98 | } 99 | -------------------------------------------------------------------------------- /go/sfgo/pf_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCES: 4 | * GraphletRecord.avsc 5 | * SysFlow.avsc 6 | */ 7 | package sfgo 8 | 9 | import ( 10 | "encoding/json" 11 | "fmt" 12 | "io" 13 | 14 | "github.com/actgardner/gogen-avro/v7/vm" 15 | "github.com/actgardner/gogen-avro/v7/vm/types" 16 | ) 17 | 18 | type PfUnionTypeEnum int 19 | 20 | const ( 21 | PfUnionTypeEnumProcessFlow PfUnionTypeEnum = 1 22 | ) 23 | 24 | type PfUnion struct { 25 | Null *types.NullVal 26 | ProcessFlow *ProcessFlow 27 | UnionType PfUnionTypeEnum 28 | } 29 | 30 | func writePfUnion(r *PfUnion, w io.Writer) error { 31 | 32 | if r == nil { 33 | err := vm.WriteLong(0, w) 34 | return err 35 | } 36 | 37 | err := vm.WriteLong(int64(r.UnionType), w) 38 | if err != nil { 39 | return err 40 | } 41 | switch r.UnionType { 42 | case PfUnionTypeEnumProcessFlow: 43 | return writeProcessFlow(r.ProcessFlow, w) 44 | } 45 | return fmt.Errorf("invalid value for *PfUnion") 46 | } 47 | 48 | func NewPfUnion() *PfUnion { 49 | return &PfUnion{} 50 | } 51 | 52 | func (_ *PfUnion) SetBoolean(v bool) { panic("Unsupported operation") } 53 | func (_ *PfUnion) SetInt(v int32) { panic("Unsupported operation") } 54 | func (_ *PfUnion) SetFloat(v float32) { panic("Unsupported operation") } 55 | func (_ *PfUnion) SetDouble(v float64) { panic("Unsupported operation") } 56 | func (_ *PfUnion) SetBytes(v []byte) { panic("Unsupported operation") } 57 | func (_ *PfUnion) SetString(v string) { panic("Unsupported operation") } 58 | func (r *PfUnion) SetLong(v int64) { 59 | r.UnionType = (PfUnionTypeEnum)(v) 60 | } 61 | func (r *PfUnion) Get(i int) types.Field { 62 | switch i { 63 | case 0: 64 | return r.Null 65 | case 1: 66 | r.ProcessFlow = NewProcessFlow() 67 | return r.ProcessFlow 68 | } 69 | panic("Unknown field index") 70 | } 71 | func (_ *PfUnion) NullField(i int) { panic("Unsupported operation") } 72 | func (_ *PfUnion) SetDefault(i int) { panic("Unsupported operation") } 73 | func (_ *PfUnion) AppendMap(key string) types.Field { panic("Unsupported operation") 
} 74 | func (_ *PfUnion) AppendArray() types.Field { panic("Unsupported operation") } 75 | func (_ *PfUnion) Finalize() {} 76 | 77 | func (r *PfUnion) MarshalJSON() ([]byte, error) { 78 | if r == nil { 79 | return []byte("null"), nil 80 | } 81 | switch r.UnionType { 82 | case PfUnionTypeEnumProcessFlow: 83 | return json.Marshal(map[string]interface{}{"ProcessFlow": r.ProcessFlow}) 84 | } 85 | return nil, fmt.Errorf("invalid value for *PfUnion") 86 | } 87 | 88 | func (r *PfUnion) UnmarshalJSON(data []byte) error { 89 | var fields map[string]json.RawMessage 90 | if err := json.Unmarshal(data, &fields); err != nil { 91 | return err 92 | } 93 | if value, ok := fields["ProcessFlow"]; ok { 94 | r.UnionType = 1 95 | return json.Unmarshal([]byte(value), &r.ProcessFlow) 96 | } 97 | return fmt.Errorf("invalid value for *PfUnion") 98 | } 99 | -------------------------------------------------------------------------------- /go/sfgo/pod_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewPodWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewPod() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type PodReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewPodReader(r io.Reader) (*PodReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewPod() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &PodReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r PodReader) Read() (*Pod, error) { 46 | t := NewPod() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/pod_id_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "encoding/json" 10 | "fmt" 11 | "io" 12 | 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | "github.com/actgardner/gogen-avro/v7/vm/types" 15 | ) 16 | 17 | type PodIdUnionTypeEnum int 18 | 19 | const ( 20 | PodIdUnionTypeEnumString PodIdUnionTypeEnum = 1 21 | ) 22 | 23 | type PodIdUnion struct { 24 | Null *types.NullVal 25 | String string 26 | UnionType PodIdUnionTypeEnum 27 | } 28 | 29 | func writePodIdUnion(r *PodIdUnion, w io.Writer) error { 30 | 31 | if r == nil { 32 | err := vm.WriteLong(0, w) 33 | return err 34 | } 35 | 36 | err := vm.WriteLong(int64(r.UnionType), w) 37 | if err != nil { 38 | return err 39 | } 40 | switch r.UnionType { 41 | case PodIdUnionTypeEnumString: 42 | return vm.WriteString(r.String, w) 43 | } 44 | return fmt.Errorf("invalid value for *PodIdUnion") 45 | } 46 | 47 | func NewPodIdUnion() *PodIdUnion { 48 | return &PodIdUnion{} 49 | } 50 | 51 | func (_ *PodIdUnion) SetBoolean(v bool) { panic("Unsupported operation") } 52 | func (_ *PodIdUnion) SetInt(v int32) { panic("Unsupported operation") } 53 | func (_ *PodIdUnion) SetFloat(v float32) { panic("Unsupported operation") } 54 | func (_ *PodIdUnion) SetDouble(v float64) { panic("Unsupported operation") } 55 | func (_ *PodIdUnion) SetBytes(v []byte) { panic("Unsupported operation") } 56 | func (_ *PodIdUnion) SetString(v string) { panic("Unsupported operation") } 57 | func (r *PodIdUnion) SetLong(v int64) { 58 | r.UnionType = (PodIdUnionTypeEnum)(v) 59 | } 60 | func (r *PodIdUnion) Get(i int) types.Field { 61 | switch i { 62 | case 0: 63 | return r.Null 64 | case 1: 65 | return &types.String{Target: (&r.String)} 66 | } 67 | panic("Unknown field index") 68 | } 69 | func (_ *PodIdUnion) NullField(i int) { panic("Unsupported operation") } 70 | func (_ *PodIdUnion) SetDefault(i int) { panic("Unsupported operation") } 71 | func (_ *PodIdUnion) AppendMap(key string) types.Field { panic("Unsupported operation") } 
72 | func (_ *PodIdUnion) AppendArray() types.Field { panic("Unsupported operation") } 73 | func (_ *PodIdUnion) Finalize() {} 74 | 75 | func (r *PodIdUnion) MarshalJSON() ([]byte, error) { 76 | if r == nil { 77 | return []byte("null"), nil 78 | } 79 | switch r.UnionType { 80 | case PodIdUnionTypeEnumString: 81 | return json.Marshal(map[string]interface{}{"string": r.String}) 82 | } 83 | return nil, fmt.Errorf("invalid value for *PodIdUnion") 84 | } 85 | 86 | func (r *PodIdUnion) UnmarshalJSON(data []byte) error { 87 | var fields map[string]json.RawMessage 88 | if err := json.Unmarshal(data, &fields); err != nil { 89 | return err 90 | } 91 | if value, ok := fields["string"]; ok { 92 | r.UnionType = 1 93 | return json.Unmarshal([]byte(value), &r.String) 94 | } 95 | return fmt.Errorf("invalid value for *PodIdUnion") 96 | } 97 | -------------------------------------------------------------------------------- /go/sfgo/poid_union.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "encoding/json" 10 | "fmt" 11 | "io" 12 | 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | "github.com/actgardner/gogen-avro/v7/vm/types" 15 | ) 16 | 17 | type PoidUnionTypeEnum int 18 | 19 | const ( 20 | PoidUnionTypeEnumOID PoidUnionTypeEnum = 1 21 | ) 22 | 23 | type PoidUnion struct { 24 | Null *types.NullVal 25 | OID *OID 26 | UnionType PoidUnionTypeEnum 27 | } 28 | 29 | func writePoidUnion(r *PoidUnion, w io.Writer) error { 30 | 31 | if r == nil { 32 | err := vm.WriteLong(0, w) 33 | return err 34 | } 35 | 36 | err := vm.WriteLong(int64(r.UnionType), w) 37 | if err != nil { 38 | return err 39 | } 40 | switch r.UnionType { 41 | case PoidUnionTypeEnumOID: 42 | return writeOID(r.OID, w) 43 | } 44 | return fmt.Errorf("invalid value for *PoidUnion") 45 | } 46 | 47 | func NewPoidUnion() *PoidUnion { 48 | return &PoidUnion{} 49 | } 50 | 51 | func (_ *PoidUnion) SetBoolean(v bool) { panic("Unsupported operation") } 52 | func (_ *PoidUnion) SetInt(v int32) { panic("Unsupported operation") } 53 | func (_ *PoidUnion) SetFloat(v float32) { panic("Unsupported operation") } 54 | func (_ *PoidUnion) SetDouble(v float64) { panic("Unsupported operation") } 55 | func (_ *PoidUnion) SetBytes(v []byte) { panic("Unsupported operation") } 56 | func (_ *PoidUnion) SetString(v string) { panic("Unsupported operation") } 57 | func (r *PoidUnion) SetLong(v int64) { 58 | r.UnionType = (PoidUnionTypeEnum)(v) 59 | } 60 | func (r *PoidUnion) Get(i int) types.Field { 61 | switch i { 62 | case 0: 63 | return r.Null 64 | case 1: 65 | r.OID = NewOID() 66 | return r.OID 67 | } 68 | panic("Unknown field index") 69 | } 70 | func (_ *PoidUnion) NullField(i int) { panic("Unsupported operation") } 71 | func (_ *PoidUnion) SetDefault(i int) { panic("Unsupported operation") } 72 | func (_ *PoidUnion) AppendMap(key string) types.Field { panic("Unsupported operation") } 73 | func (_ *PoidUnion) AppendArray() types.Field 
{ panic("Unsupported operation") } 74 | func (_ *PoidUnion) Finalize() {} 75 | 76 | func (r *PoidUnion) MarshalJSON() ([]byte, error) { 77 | if r == nil { 78 | return []byte("null"), nil 79 | } 80 | switch r.UnionType { 81 | case PoidUnionTypeEnumOID: 82 | return json.Marshal(map[string]interface{}{"OID": r.OID}) 83 | } 84 | return nil, fmt.Errorf("invalid value for *PoidUnion") 85 | } 86 | 87 | func (r *PoidUnion) UnmarshalJSON(data []byte) error { 88 | var fields map[string]json.RawMessage 89 | if err := json.Unmarshal(data, &fields); err != nil { 90 | return err 91 | } 92 | if value, ok := fields["OID"]; ok { 93 | r.UnionType = 1 94 | return json.Unmarshal([]byte(value), &r.OID) 95 | } 96 | return fmt.Errorf("invalid value for *PoidUnion") 97 | } 98 | -------------------------------------------------------------------------------- /go/sfgo/port_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewPortWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewPort() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type PortReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewPortReader(r io.Reader) (*PortReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewPort() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &PortReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r PortReader) Read() (*Port, error) { 46 | t := NewPort() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/process_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewProcessWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewProcess() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type ProcessReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewProcessReader(r io.Reader) (*ProcessReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewProcess() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &ProcessReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r ProcessReader) Read() (*Process, error) { 46 | t := NewProcess() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/process_event_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewProcessEventWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewProcessEvent() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type ProcessEventReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewProcessEventReader(r io.Reader) (*ProcessEventReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewProcessEvent() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &ProcessEventReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r ProcessEventReader) Read() (*ProcessEvent, error) { 46 | t := NewProcessEvent() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/process_flow_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewProcessFlowWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewProcessFlow() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type ProcessFlowReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewProcessFlowReader(r io.Reader) (*ProcessFlowReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewProcessFlow() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &ProcessFlowReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r ProcessFlowReader) Read() (*ProcessFlow, error) { 46 | t := NewProcessFlow() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/proto.go: -------------------------------------------------------------------------------- 1 | package sfgo 2 | 3 | const ( 4 | // protocol 5 | tcp = "tcp" 6 | udp = "udp" 7 | icmp = "icmp" 8 | raw = "raw" 9 | 10 | // sock family 11 | ip = "ip" 12 | unix = "unix" 13 | ) 14 | -------------------------------------------------------------------------------- /go/sfgo/record_type.go: -------------------------------------------------------------------------------- 1 | package sfgo 2 | 3 | import "errors" 4 | 5 | // SFObjectType denotes a sysflow record type. 6 | type SFObjectType = RecUnionTypeEnum 7 | 8 | // SysFlow object types. 
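const (
	TyPStr       string = "P"
	TyFStr       string = "F"
	TyCStr       string = "C"
	TyHStr       string = "H"
	TyPEStr      string = "PE"
	TyPFStr      string = "PF"
	TyFEStr      string = "FE"
	TyFFStr      string = "FF"
	TyNEStr      string = "NE"
	TyNFStr      string = "NF"
	TyPDStr      string = "PD"
	TyKEStr      string = "KE"
	TyUnknownStr string = "" // returned for values with no known tag
)

// RecordType enumeration.
const (
	SF_HEADER    SFObjectType = RecUnionTypeEnumSFHeader
	SF_CONT      SFObjectType = RecUnionTypeEnumContainer
	SF_PROCESS   SFObjectType = RecUnionTypeEnumProcess
	SF_FILE      SFObjectType = RecUnionTypeEnumFile
	SF_PROC_EVT  SFObjectType = RecUnionTypeEnumProcessEvent
	SF_NET_FLOW  SFObjectType = RecUnionTypeEnumNetworkFlow
	SF_FILE_FLOW SFObjectType = RecUnionTypeEnumFileFlow
	SF_FILE_EVT  SFObjectType = RecUnionTypeEnumFileEvent
	SF_NET_EVT   SFObjectType = RecUnionTypeEnumNetworkEvent
	SF_PROC_FLOW SFObjectType = RecUnionTypeEnumProcessFlow
	SF_POD       SFObjectType = RecUnionTypeEnumPod
	SF_K8S_EVT   SFObjectType = RecUnionTypeEnumK8sEvent
	// SF_UNKNOWN is one past the last generated value; ParseRecordType
	// uses it as the exclusive upper bound of the valid range.
	SF_UNKNOWN SFObjectType = RecUnionTypeEnumK8sEvent + 1

	// The same values as plain int64.
	HEADER    int64 = int64(RecUnionTypeEnumSFHeader)
	CONT      int64 = int64(RecUnionTypeEnumContainer)
	PROC      int64 = int64(RecUnionTypeEnumProcess)
	FILE      int64 = int64(RecUnionTypeEnumFile)
	PROC_EVT  int64 = int64(RecUnionTypeEnumProcessEvent)
	NET_FLOW  int64 = int64(RecUnionTypeEnumNetworkFlow)
	FILE_FLOW int64 = int64(RecUnionTypeEnumFileFlow)
	FILE_EVT  int64 = int64(RecUnionTypeEnumFileEvent)
	NET_EVT   int64 = int64(RecUnionTypeEnumNetworkEvent)
	PROC_FLOW int64 = int64(RecUnionTypeEnumProcessFlow)
	POD       int64 = int64(RecUnionTypeEnumPod)
	K8S_EVT   int64 = int64(RecUnionTypeEnumK8sEvent)
)

// String returns the short string tag for a record type.
//
// The tag is looked up by using s as an index into a fixed table. A value
// outside the table (negative or past the last entry) yields TyUnknownStr
// instead of an index-out-of-range panic, so a record type that was never
// validated by ParseRecordType cannot crash a caller that only formats or
// logs it.
//
// NOTE(review): the table order assumes the generated RecUnionTypeEnum
// values start at 0 and follow this sequence; confirm against the generated
// enum whenever the schema changes.
func (s SFObjectType) String() string {
	names := [...]string{
		TyHStr, TyCStr, TyPStr, TyFStr, TyPEStr, TyNFStr, TyFFStr,
		TyFEStr, TyNEStr, TyPFStr, TyPDStr, TyKEStr, TyUnknownStr,
	}
	if s < 0 || int(s) >= len(names) {
		return TyUnknownStr
	}
	return names[s]
}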
58 | 59 | // ParseRecordTypeStr converts a valid string rtype into its enum type. 60 | func ParseRecordTypeStr(rtype string) (SFObjectType, error) { 61 | switch rtype { 62 | case TyPEStr: 63 | return SF_PROC_EVT, nil 64 | case TyFFStr: 65 | return SF_FILE_FLOW, nil 66 | case TyNFStr: 67 | return SF_NET_FLOW, nil 68 | case TyFEStr: 69 | return SF_FILE_EVT, nil 70 | case TyPFStr: 71 | return SF_PROC_FLOW, nil 72 | case TyPStr: 73 | return SF_PROCESS, nil 74 | case TyFStr: 75 | return SF_FILE, nil 76 | case TyCStr: 77 | return SF_CONT, nil 78 | case TyHStr: 79 | return SF_HEADER, nil 80 | case TyNEStr: 81 | return SF_NET_EVT, nil 82 | case TyPDStr: 83 | return SF_POD, nil 84 | case TyKEStr: 85 | return SF_K8S_EVT, nil 86 | default: 87 | return SF_UNKNOWN, errors.New("unrecognized string rtype") 88 | } 89 | } 90 | 91 | // ParseRecordType converts a numerical flat rtype into a RecordType enum. 92 | func ParseRecordType(rtype int64) (SFObjectType, error) { 93 | r := SFObjectType(rtype) 94 | 95 | if r >= 0 && r < SF_UNKNOWN { 96 | return r, nil 97 | } 98 | return SF_UNKNOWN, errors.New("unrecognized record type") 99 | } 100 | -------------------------------------------------------------------------------- /go/sfgo/service_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewServiceWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewService() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type ServiceReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewServiceReader(r io.Reader) (*ServiceReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewService() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &ServiceReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r ServiceReader) Read() (*Service, error) { 46 | t := NewService() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/sf_header_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewSFHeaderWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewSFHeader() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type SFHeaderReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewSFHeaderReader(r io.Reader) (*SFHeaderReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewSFHeader() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &SFHeaderReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r SFHeaderReader) Read() (*SFHeader, error) { 46 | t := NewSFHeader() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/sfgo/sf_object_state.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "encoding/json" 10 | "fmt" 11 | "io" 12 | 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | "github.com/actgardner/gogen-avro/v7/vm/types" 15 | ) 16 | 17 | type SFObjectState int32 18 | 19 | const ( 20 | SFObjectStateCREATED SFObjectState = 0 21 | SFObjectStateMODIFIED SFObjectState = 1 22 | SFObjectStateREUP SFObjectState = 2 23 | ) 24 | 25 | func (e SFObjectState) String() string { 26 | switch e { 27 | case SFObjectStateCREATED: 28 | return "CREATED" 29 | case SFObjectStateMODIFIED: 30 | return "MODIFIED" 31 | case SFObjectStateREUP: 32 | return "REUP" 33 | } 34 | return "unknown" 35 | } 36 | 37 | func writeSFObjectState(r SFObjectState, w io.Writer) error { 38 | return vm.WriteInt(int32(r), w) 39 | } 40 | 41 | func NewSFObjectStateValue(raw string) (r SFObjectState, err error) { 42 | switch raw { 43 | case "CREATED": 44 | return SFObjectStateCREATED, nil 45 | case "MODIFIED": 46 | return SFObjectStateMODIFIED, nil 47 | case "REUP": 48 | return SFObjectStateREUP, nil 49 | } 50 | 51 | return -1, fmt.Errorf("invalid value for SFObjectState: '%s'", raw) 52 | } 53 | 54 | func (b *SFObjectState) MarshalJSON() ([]byte, error) { 55 | return json.Marshal(b.String()) 56 | } 57 | 58 | func (b *SFObjectState) UnmarshalJSON(data []byte) error { 59 | var stringVal string 60 | err := json.Unmarshal(data, &stringVal) 61 | if err != nil { 62 | return err 63 | } 64 | val, err := NewSFObjectStateValue(stringVal) 65 | *b = val 66 | return err 67 | } 68 | 69 | type SFObjectStateWrapper struct { 70 | Target *SFObjectState 71 | } 72 | 73 | func (b *SFObjectStateWrapper) SetBoolean(v bool) { 74 | panic("Unable to assign boolean to int field") 75 | } 76 | 77 | func (b *SFObjectStateWrapper) SetInt(v int32) { 78 | *(b.Target) = SFObjectState(v) 79 | } 80 | 81 | func (b *SFObjectStateWrapper) SetLong(v int64) { 82 | panic("Unable to assign long to int field") 83 | } 84 | 85 | func (b 
*SFObjectStateWrapper) SetFloat(v float32) { 86 | panic("Unable to assign float to int field") 87 | } 88 | 89 | func (b *SFObjectStateWrapper) SetUnionElem(v int64) { 90 | panic("Unable to assign union elem to int field") 91 | } 92 | 93 | func (b *SFObjectStateWrapper) SetDouble(v float64) { 94 | panic("Unable to assign double to int field") 95 | } 96 | 97 | func (b *SFObjectStateWrapper) SetBytes(v []byte) { 98 | panic("Unable to assign bytes to int field") 99 | } 100 | 101 | func (b *SFObjectStateWrapper) SetString(v string) { 102 | panic("Unable to assign string to int field") 103 | } 104 | 105 | func (b *SFObjectStateWrapper) Get(i int) types.Field { 106 | panic("Unable to get field from int field") 107 | } 108 | 109 | func (b *SFObjectStateWrapper) SetDefault(i int) { 110 | panic("Unable to set default on int field") 111 | } 112 | 113 | func (b *SFObjectStateWrapper) AppendMap(key string) types.Field { 114 | panic("Unable to append map key to from int field") 115 | } 116 | 117 | func (b *SFObjectStateWrapper) AppendArray() types.Field { 118 | panic("Unable to append array element to from int field") 119 | } 120 | 121 | func (b *SFObjectStateWrapper) NullField(int) { 122 | panic("Unable to null field in int field") 123 | } 124 | 125 | func (b *SFObjectStateWrapper) Finalize() {} 126 | -------------------------------------------------------------------------------- /go/sfgo/sys_flow_container.go: -------------------------------------------------------------------------------- 1 | // Code generated by github.com/actgardner/gogen-avro/v7. DO NOT EDIT. 
2 | /* 3 | * SOURCE: 4 | * SysFlow.avsc 5 | */ 6 | package sfgo 7 | 8 | import ( 9 | "io" 10 | 11 | "github.com/actgardner/gogen-avro/v7/compiler" 12 | "github.com/actgardner/gogen-avro/v7/container" 13 | "github.com/actgardner/gogen-avro/v7/vm" 14 | ) 15 | 16 | func NewSysFlowWriter(writer io.Writer, codec container.Codec, recordsPerBlock int64) (*container.Writer, error) { 17 | str := NewSysFlow() 18 | return container.NewWriter(writer, codec, recordsPerBlock, str.Schema()) 19 | } 20 | 21 | // container reader 22 | type SysFlowReader struct { 23 | r io.Reader 24 | p *vm.Program 25 | } 26 | 27 | func NewSysFlowReader(r io.Reader) (*SysFlowReader, error) { 28 | containerReader, err := container.NewReader(r) 29 | if err != nil { 30 | return nil, err 31 | } 32 | 33 | t := NewSysFlow() 34 | deser, err := compiler.CompileSchemaBytes([]byte(containerReader.AvroContainerSchema()), []byte(t.Schema())) 35 | if err != nil { 36 | return nil, err 37 | } 38 | 39 | return &SysFlowReader{ 40 | r: containerReader, 41 | p: deser, 42 | }, nil 43 | } 44 | 45 | func (r SysFlowReader) Read() (*SysFlow, error) { 46 | t := NewSysFlow() 47 | err := vm.Eval(r.r, r.p, t) 48 | return t, err 49 | } 50 | -------------------------------------------------------------------------------- /go/utils/intset.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2021 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package utils implements common utilities and data structures. 21 | package utils 22 | 23 | // Int64Set defines a set data structure. 24 | type Int64Set struct { 25 | m map[int64]struct{} 26 | } 27 | 28 | // NewInt64Set creates a new set. 29 | func NewInt64Set(values ...int64) *Int64Set { 30 | s := &Int64Set{} 31 | s.m = make(map[int64]struct{}) 32 | for _, v := range values { 33 | s.Add(v) 34 | } 35 | return s 36 | } 37 | 38 | // Add adds an element to the set. 39 | func (s *Int64Set) Add(value int64) { 40 | s.m[value] = exists 41 | } 42 | 43 | // Remove removes an element from the set. 44 | func (s *Int64Set) Remove(value int64) { 45 | delete(s.m, value) 46 | } 47 | 48 | // Contains checks if value is in the set. 49 | func (s *Int64Set) Contains(value int64) bool { 50 | _, c := s.m[value] 51 | return c 52 | } 53 | 54 | // Len returns the number of elements in the set. 55 | func (s *Int64Set) Len() int { 56 | return len(s.m) 57 | } 58 | 59 | // IsSubset checks if set s is a subset of l. 60 | func (s *Int64Set) IsSubset(l *Int64Set) bool { 61 | for k := range s.m { 62 | if !l.Contains(k) { 63 | return false 64 | } 65 | } 66 | return true 67 | } 68 | -------------------------------------------------------------------------------- /go/utils/set.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (C) 2021 IBM Corporation. 3 | // 4 | // Authors: 5 | // Frederico Araujo 6 | // Teryl Taylor 7 | // 8 | // Licensed under the Apache License, Version 2.0 (the "License"); 9 | // you may not use this file except in compliance with the License. 
10 | // You may obtain a copy of the License at 11 | // 12 | // http://www.apache.org/licenses/LICENSE-2.0 13 | // 14 | // Unless required by applicable law or agreed to in writing, software 15 | // distributed under the License is distributed on an "AS IS" BASIS, 16 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | // See the License for the specific language governing permissions and 18 | // limitations under the License. 19 | 20 | // Package utils implements common utilities and data structures. 21 | package utils 22 | 23 | var exists = struct{}{} 24 | 25 | // Set defines a set data structure. 26 | type Set struct { 27 | m map[string]struct{} 28 | } 29 | 30 | // NewSet creates a new set. 31 | func NewSet(values ...string) *Set { 32 | s := &Set{} 33 | s.m = make(map[string]struct{}) 34 | for _, v := range values { 35 | s.Add(v) 36 | } 37 | return s 38 | } 39 | 40 | // Add adds an element to the set. 41 | func (s *Set) Add(value string) { 42 | s.m[value] = exists 43 | } 44 | 45 | // Remove removes an element from the set. 46 | func (s *Set) Remove(value string) { 47 | delete(s.m, value) 48 | } 49 | 50 | // Contains checks if value is in the set. 51 | func (s *Set) Contains(value string) bool { 52 | _, c := s.m[value] 53 | return c 54 | } 55 | 56 | // Len returns the number of elements in the set. 57 | func (s *Set) Len() int { 58 | return len(s.m) 59 | } 60 | 61 | // IsSubset checks if set s is a subset of l. 62 | func (s *Set) IsSubset(l *Set) bool { 63 | for k := range s.m { 64 | if !l.Contains(k) { 65 | return false 66 | } 67 | } 68 | return true 69 | } 70 | -------------------------------------------------------------------------------- /py3/README.md: -------------------------------------------------------------------------------- 1 | # SysFlow SDK and Utilities 2 | 3 | This package includes the SDK and command-line utilities for [SysFlow](https://sysflow.io). 4 | 5 | ## Minimum requirements 6 | 7 | Python 3.7 or higher. 
8 | 9 | ## Installation 10 | 11 | ```bash 12 | pip3 install sysflow-tools 13 | ``` 14 | 15 | ## About this package 16 | 17 | This Python package includes: 18 | 19 | - **sysprint**, a command-line utility that reads, prints, and converts SysFlow traces to human-readable outputs, including console, JSON, and CSV formats. It supports reading traces from local disk and from S3-compliant object stores. 20 | 21 | - **sysflow library**, a Python package for programming data exploration and analytics with SysFlow. It includes data manipulation using Pandas dataframes and a native query language (`sfql`) with macro support. 22 | 23 | Check [Sysflow APIs](https://sysflow.readthedocs.io/en/latest/api-utils.html) for programmatic APIs and more information about sysprint. 24 | 25 | ## How to use sysprint 26 | 27 | The following command shows how to run sysprint with trace files located in `/mnt/data` on the host. 28 | 29 | ```bash 30 | sysprint /mnt/data/ 31 | ``` 32 | 33 | For help and advanced options, run: 34 | 35 | ```bash 36 | sysprint -h 37 | ``` 38 | 39 | ## What is SysFlow? 40 | 41 | The SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and for creating performance and security analytics. The goal of this project is to build all the plumbing required for system telemetry so that users can focus on writing and sharing analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a new data format called SysFlow, which lifts raw system event information into an abstraction that describes process behaviors, and their relationships with containers, files, and network. This object-relational format is highly compact, yet it provides broad visibility into container clouds. We have also built several APIs that allow users to process SysFlow with their favorite toolkits. Learn more about SysFlow in the [SysFlow specification document](https://sysflow.readthedocs.io/en/latest/spec.html). 
42 | 43 | The SysFlow framework consists of the following sub-projects: 44 | 45 | - [sf-apis](https://github.com/sysflow-telemetry/sf-apis) provides the SysFlow schema and programmatic APIs in go, python, and C++. 46 | - [sf-collector](https://github.com/sysflow-telemetry/sf-collector) monitors and collects system call and event information from hosts and exports them in the SysFlow format using Apache Avro object serialization. 47 | - [sf-processor](https://github.com/sysflow-telemetry/sf-processor) provides a performance-optimized policy engine for processing, enriching, filtering SysFlow events, generating alerts, and exporting the processed data to various targets. 48 | - [sf-exporter](https://github.com/sysflow-telemetry/sf-exporter) exports SysFlow traces to S3-compliant storage systems for archival purposes. 49 | - [sf-deployments](https://github.com/sysflow-telemetry/sf-deployments) contains deployment packages for SysFlow, including Docker, Helm, and OpenShift. 50 | - [sysflow](https://github.com/sysflow-telemetry/sysflow) is the documentation repository and issue tracker for the SysFlow framework. 51 | 52 | 53 | -------------------------------------------------------------------------------- /py3/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/py3/__init__.py -------------------------------------------------------------------------------- /py3/classes/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2019 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 
11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | -------------------------------------------------------------------------------- /py3/classes/sysflow/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2022 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 
20 | # 21 | try: 22 | from importlib.metadata import version, PackageNotFoundError 23 | except ModuleNotFoundError: 24 | from importlib_metadata import version, PackageNotFoundError 25 | 26 | __version__ = '' 27 | try: 28 | __version__ = version('sysflow-tools') 29 | except PackageNotFoundError: 30 | # package is not installed 31 | pass 32 | -------------------------------------------------------------------------------- /py3/classes/sysflow/grammar/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/py3/classes/sysflow/grammar/__init__.py -------------------------------------------------------------------------------- /py3/classes/sysflow/grammar/generate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | antlr4='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.9.2-complete.jar:$CLASSPATH" org.antlr.v4.Tool' 4 | grun='java -Xmx500M -cp ".:/usr/local/lib/antlr-4.9.2-complete.jar:$CLASSPATH" org.antlr.v4.gui.TestRig' 5 | 6 | $antlr4 -Dlanguage=Python3 sfql.g4 -------------------------------------------------------------------------------- /py3/classes/sysflow/grammar/sfql.tokens: -------------------------------------------------------------------------------- 1 | QUERY=1 2 | RULE=2 3 | MACRO=3 4 | LIST=4 5 | ITEMS=5 6 | COND=6 7 | DESC=7 8 | ACTION=8 9 | PRIORITY=9 10 | TAGS=10 11 | AND=11 12 | OR=12 13 | NOT=13 14 | LT=14 15 | LE=15 16 | GT=16 17 | GE=17 18 | EQ=18 19 | NEQ=19 20 | IN=20 21 | CONTAINS=21 22 | ICONTAINS=22 23 | STARTSWITH=23 24 | PMATCH=24 25 | EXISTS=25 26 | LBRACK=26 27 | RBRACK=27 28 | LPAREN=28 29 | RPAREN=29 30 | LISTSEP=30 31 | DECL=31 32 | DEF=32 33 | SEVERITY=33 34 | ID=34 35 | NUMBER=35 36 | PATH=36 37 | TAG=37 38 | STRING=38 39 | WS=39 40 | NL=40 41 | COMMENT=41 42 | ANY=42 43 | 'sfql'=1 44 | 'rule'=2 45 | 'macro'=3 46 | 'list'=4 47 | 'items'=5 48 
| 'condition'=6 49 | 'desc'=7 50 | 'action'=8 51 | 'priority'=9 52 | 'tags'=10 53 | 'and'=11 54 | 'or'=12 55 | 'not'=13 56 | '<'=14 57 | '<='=15 58 | '>'=16 59 | '>='=17 60 | '='=18 61 | '!='=19 62 | 'in'=20 63 | 'contains'=21 64 | 'icontains'=22 65 | 'startswith'=23 66 | 'pmatch'=24 67 | 'exists'=25 68 | '['=26 69 | ']'=27 70 | '('=28 71 | ')'=29 72 | ','=30 73 | '-'=31 74 | -------------------------------------------------------------------------------- /py3/classes/sysflow/grammar/sfqlLexer.tokens: -------------------------------------------------------------------------------- 1 | QUERY=1 2 | RULE=2 3 | MACRO=3 4 | LIST=4 5 | ITEMS=5 6 | COND=6 7 | DESC=7 8 | ACTION=8 9 | PRIORITY=9 10 | TAGS=10 11 | AND=11 12 | OR=12 13 | NOT=13 14 | LT=14 15 | LE=15 16 | GT=16 17 | GE=17 18 | EQ=18 19 | NEQ=19 20 | IN=20 21 | CONTAINS=21 22 | ICONTAINS=22 23 | STARTSWITH=23 24 | PMATCH=24 25 | EXISTS=25 26 | LBRACK=26 27 | RBRACK=27 28 | LPAREN=28 29 | RPAREN=29 30 | LISTSEP=30 31 | DECL=31 32 | DEF=32 33 | SEVERITY=33 34 | ID=34 35 | NUMBER=35 36 | PATH=36 37 | TAG=37 38 | STRING=38 39 | WS=39 40 | NL=40 41 | COMMENT=41 42 | ANY=42 43 | 'sfql'=1 44 | 'rule'=2 45 | 'macro'=3 46 | 'list'=4 47 | 'items'=5 48 | 'condition'=6 49 | 'desc'=7 50 | 'action'=8 51 | 'priority'=9 52 | 'tags'=10 53 | 'and'=11 54 | 'or'=12 55 | 'not'=13 56 | '<'=14 57 | '<='=15 58 | '>'=16 59 | '>='=17 60 | '='=18 61 | '!='=19 62 | 'in'=20 63 | 'contains'=21 64 | 'icontains'=22 65 | 'startswith'=23 66 | 'pmatch'=24 67 | 'exists'=25 68 | '['=26 69 | ']'=27 70 | '('=28 71 | ')'=29 72 | ','=30 73 | '-'=31 74 | -------------------------------------------------------------------------------- /py3/classes/sysflow/objtypes.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2019 IBM Corporation. 
4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | from enum import Enum 22 | 23 | """ 24 | .. module:: sysflow.objtypes 25 | :synopsis: This module represents each entity/flow/event class as a ID, and maps those ids to strings. 26 | .. moduleauthor:: Frederico Araujo, Teryl Taylor 27 | """ 28 | 29 | 30 | class ObjectTypes(Enum): 31 | """ 32 | **ObjectTypes** 33 | 34 | Enumeration representing each of the object types: 35 | HEADER = 0, 36 | CONT = 1, 37 | PROC = 2, 38 | FILE = 3, 39 | PROC_EVT = 4, 40 | NET_FLOW = 5, 41 | FILE_FLOW = 6, 42 | FILE_EVT = 7 43 | PROC_FLOW = 8 44 | POD = 9 45 | K8S_EVT = 10 46 | 47 | """ 48 | 49 | HEADER = 0 50 | CONT = 1 51 | PROC = 2 52 | FILE = 3 53 | PROC_EVT = 4 54 | NET_FLOW = 5 55 | FILE_FLOW = 6 56 | FILE_EVT = 7 57 | NET_EVT = 8 58 | PROC_FLOW = 9 59 | POD = 10 60 | K8S_EVT = 11 61 | 62 | 63 | OBJECT_MAP = { 64 | ObjectTypes.HEADER: "H", 65 | ObjectTypes.CONT: "C", 66 | ObjectTypes.PROC: "P", 67 | ObjectTypes.FILE: "F", 68 | ObjectTypes.PROC_EVT: "PE", 69 | ObjectTypes.NET_FLOW: "NF", 70 | ObjectTypes.FILE_FLOW: "FF", 71 | ObjectTypes.FILE_EVT: "FE", 72 | ObjectTypes.NET_EVT: "NE", 73 | ObjectTypes.PROC_FLOW: "PF", 74 | ObjectTypes.POD: "POD", 75 | ObjectTypes.K8S_EVT: "KE", 76 | } 77 | 78 | OBJ_NAME_MAP = { 79 | "sysflow.entity.SFHeader": ObjectTypes.HEADER, 80 | "sysflow.entity.Container": ObjectTypes.CONT, 81 | 
"sysflow.entity.Process": ObjectTypes.PROC, 82 | "sysflow.entity.File": ObjectTypes.FILE, 83 | "sysflow.event.ProcessEvent": ObjectTypes.PROC_EVT, 84 | "sysflow.event.FileEvent": ObjectTypes.FILE_EVT, 85 | "sysflow.flow.NetworkFlow": ObjectTypes.NET_FLOW, 86 | "sysflow.flow.FileFlow": ObjectTypes.FILE_FLOW, 87 | "sysflow.event.NetEvent": ObjectTypes.NET_EVT, 88 | "sysflow.flow.ProcessFlow": ObjectTypes.PROC_FLOW, 89 | "sysflow.entity.Pod": ObjectTypes.POD, 90 | "sysflow.event.K8sEvent": ObjectTypes.K8S_EVT, 91 | } 92 | -------------------------------------------------------------------------------- /py3/classes/sysflow/openflags.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2019 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | """ 22 | .. module:: sysflow.openflags 23 | :synopsis: This module lists all open operations as defined by sysdig's conversions. 24 | .. moduleauthor:: Frederico Araujo, Teryl Taylor 25 | """ 26 | """ 27 | O_NONE = (0) 28 | O_RDONLY = (1 << 0) # Open for reading only 29 | O_WRONLY = (1 << 1) # Open for writing only 30 | O_RDWR = (PPM_O_RDONLY | PPM_O_WRONLY) # Open for reading and writing 31 | O_CREAT = (1 << 2) # Create a new file if it doesn't exist. 
32 | O_APPEND = (1 << 3) # If set, the file offset shall be set to the end of the file prior to each write. 33 | O_DSYNC = (1 << 4) 34 | O_EXCL = (1 << 5) 35 | O_NONBLOCK = (1 << 6) 36 | O_SYNC = (1 << 7) 37 | O_TRUNC = (1 << 8) 38 | O_DIRECT = (1 << 9) 39 | O_DIRECTORY = (1 << 10) 40 | O_LARGEFILE = (1 << 11) 41 | O_CLOEXEC = (1 << 12) 42 | """ 43 | O_NONE = 0 44 | O_RDONLY = 1 << 0 # Open for reading only 45 | O_WRONLY = 1 << 1 # Open for writing only 46 | O_RDWR = O_RDONLY | O_WRONLY # Open for reading and writing 47 | O_CREAT = 1 << 2 # Create a new file if it doesn't exist. 48 | O_APPEND = 1 << 3 # If set, the file offset shall be set to the end of the file prior to each write. 49 | O_DSYNC = 1 << 4 50 | O_EXCL = 1 << 5 51 | O_NONBLOCK = 1 << 6 52 | O_SYNC = 1 << 7 53 | O_TRUNC = 1 << 8 54 | O_DIRECT = 1 << 9 55 | O_DIRECTORY = 1 << 10 56 | O_LARGEFILE = 1 << 11 57 | O_CLOEXEC = 1 << 12 58 | -------------------------------------------------------------------------------- /py3/classes/sysflow/opflags.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2019 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | """ 22 | .. module:: sysflow.opflags 23 | :synopsis: This module lists all operations currently supported by SysFlow. 24 | .. 
moduleauthor:: Frederico Araujo, Teryl Taylor 25 | """ 26 | """ 27 | OP_CLONE = (1 << 0) 28 | OP_EXEC = (1 << 1) 29 | OP_EXIT = (1 << 2) 30 | OP_SETUID = (1 << 3) 31 | OP_SETNS = (1 << 4) 32 | OP_ACCEPT = (1 << 5) 33 | OP_CONNECT = (1 << 6) 34 | OP_OPEN = (1 << 7) 35 | OP_READ_RECV = (1 << 8) 36 | OP_WRITE_SEND = (1 << 9) 37 | OP_CLOSE = (1 << 10) 38 | OP_TRUNCATE = (1 << 11) 39 | OP_SHUTDOWN = (1 << 12) 40 | OP_MMAP = (1 << 13) 41 | OP_DIGEST = (1 << 14) 42 | OP_MKDIR = (1 << 15) 43 | OP_RMDIR = (1 << 16) 44 | OP_LINK = (1 << 17) 45 | OP_UNLINK = (1 << 18) 46 | OP_SYMLINK = (1 << 19) 47 | OP_RENAME = (1 << 20) 48 | """ 49 | OP_CLONE = 1 << 0 50 | OP_EXEC = 1 << 1 51 | OP_EXIT = 1 << 2 52 | OP_SETUID = 1 << 3 53 | OP_SETNS = 1 << 4 54 | OP_ACCEPT = 1 << 5 55 | OP_CONNECT = 1 << 6 56 | OP_OPEN = 1 << 7 57 | OP_READ_RECV = 1 << 8 58 | OP_WRITE_SEND = 1 << 9 59 | OP_CLOSE = 1 << 10 60 | OP_TRUNCATE = 1 << 11 61 | OP_SHUTDOWN = 1 << 12 62 | OP_MMAP = 1 << 13 63 | OP_DIGEST = 1 << 14 64 | OP_MKDIR = 1 << 15 65 | OP_RMDIR = 1 << 16 66 | OP_LINK = 1 << 17 67 | OP_UNLINK = 1 << 18 68 | OP_SYMLINK = 1 << 19 69 | OP_RENAME = 1 << 20 70 | -------------------------------------------------------------------------------- /py3/genPython.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2019 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | 22 | import sys 23 | import glob 24 | import os 25 | schema_json = "....." 26 | output_directory = "python" 27 | from avrogen import write_schema_files 28 | 29 | 30 | for file in glob.glob("../avro/avsc/SysFlow.avsc"): 31 | with open(file, 'r') as myfile: 32 | schema_json=myfile.read().replace('\n', '') 33 | base=os.path.basename(file) 34 | name = os.path.splitext(base)[0].lower() 35 | dir = "classes/" + name 36 | write_schema_files(schema_json, dir) 37 | -------------------------------------------------------------------------------- /py3/setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | name = sysflow-tools 3 | version = 0.6.1 4 | description = SysFlow APIs and utilities 5 | long_description = file:README.md 6 | long_description_content_type = text/markdown 7 | keywords = 8 | system telemetry 9 | cloud-native security 10 | runtime observability 11 | url = https://github.com/sysflow-telemetry 12 | license = Apache 2.0 License 13 | classifiers = 14 | Topic :: Security 15 | Operating System :: OS Independent 16 | License :: OSI Approved :: Apache Software License 17 | Programming Language :: Python :: 3 18 | Programming Language :: Python :: 3 :: Only 19 | project_urls = 20 | Documentation = https://sysflow.readthedocs.io/ 21 | 22 | [options] 23 | packages = find: 24 | package_dir = 25 | =classes 26 | scripts = utils/sysprint 27 | python_requires = >= 3.7 28 | install_requires = 29 | tabulate>=0.8.9 30 | minio>=7.0.3 31 | antlr4-python3-runtime==4.9.2 32 | dotty-dict>=1.3.0 33 | pandas>=1.3.0 34 | frozendict>=2.0.3 35 | fastavro>=1.7.0 36 | mitreattack-python>=1.5.7 37 | plotly>=5.5.0 38 | seaborn>=0.11.1 39 | graphviz>=0.17 40 | matplotlib>=3.4.3 41 | importlib.metadata>=4.12.0 42 | 43 | [options.packages.find] 44 | where = classes 45 | 
-------------------------------------------------------------------------------- /py3/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright (C) 2022 IBM Corporation. 4 | # 5 | # Authors: 6 | # Frederico Araujo 7 | # Teryl Taylor 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | # 21 | import setuptools 22 | 23 | if __name__ == "__main__": 24 | setuptools.setup() 25 | 26 | -------------------------------------------------------------------------------- /pynb/data/attacks/express/mon.1531776682.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/attacks/express/mon.1531776682.sf -------------------------------------------------------------------------------- /pynb/data/attacks/express/mon.1531776712.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/attacks/express/mon.1531776712.sf -------------------------------------------------------------------------------- /pynb/data/attacks/express/mon.1531776742.sf: -------------------------------------------------------------------------------- 
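https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/attacks/express/mon.1531776742.sf
--------------------------------------------------------------------------------
/pynb/data/client-server/client.c:
--------------------------------------------------------------------------------
// TCP chat client for the client/server sample in this directory.
// The header names are missing from the #include lines of this listing;
// the set below is what the code in this file uses.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX 80
#define PORT 8080
#define SA struct sockaddr

// Chat loop: read one line from stdin, send it to the server as a fixed
// MAX-byte, zero-padded buffer, print the reply, and stop when the reply
// starts with "exit", when stdin reaches EOF, or when the socket fails.
//   sockfd: connected stream socket; the caller keeps ownership and closes it.
void func(int sockfd)
{
    char buff[MAX];

    for (;;) {
        size_t used = 0;
        int ch = EOF;   // int, not char, so EOF stays distinguishable
        ssize_t got;

        memset(buff, 0, sizeof(buff));
        printf("Enter the string : ");

        // Stop at MAX - 1 so the zeroed buffer keeps its terminating NUL.
        // The previous loop had no bound and never saw EOF, so a long line
        // or a closed stdin wrote past the end of buff. Whatever is left of
        // an over-long line is sent as the next message.
        while (used < sizeof(buff) - 1 && (ch = getchar()) != EOF) {
            buff[used++] = (char)ch;
            if (ch == '\n')
                break;
        }
        if (used == 0)   // EOF with nothing typed: end the chat
            break;

        // Still sends the whole zero-padded buffer, as before.
        if (write(sockfd, buff, sizeof(buff)) < 0) {
            perror("write");
            break;
        }

        memset(buff, 0, sizeof(buff));
        got = read(sockfd, buff, sizeof(buff));
        if (got <= 0) {   // 0: peer closed the connection, <0: error
            if (got < 0)
                perror("read");
            break;
        }
        // A reply that fills all MAX bytes would leave no NUL for %s.
        buff[sizeof(buff) - 1] = '\0';
        printf("From Server : %s", buff);
        if (strncmp(buff, "exit", 4) == 0) {
            printf("Client Exit...\n");
            break;
        }
    }
}

// Connects to 127.0.0.1:PORT, runs the chat loop and closes the socket.
// Exits with a failure status when the socket cannot be created or
// connected (the earlier code reported success with exit(0)).
int main()
{
    int sockfd;
    struct sockaddr_in servaddr;

    // socket create and verification
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == -1) {
        printf("socket creation failed...\n");
        exit(EXIT_FAILURE);
    }
    printf("Socket successfully created..\n");
    memset(&servaddr, 0, sizeof(servaddr));

    // assign IP, PORT (loopback only)
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = inet_addr("127.0.0.1");
    servaddr.sin_port = htons(PORT);

    // connect the client socket to server socket
    if (connect(sockfd, (SA*)&servaddr, sizeof(servaddr)) != 0) {
        printf("connection with the server failed...\n");
        close(sockfd);
        exit(EXIT_FAILURE);
    }
    printf("connected to the server..\n");

    // function for chat
    func(sockfd);

    // close the socket
    close(sockfd);
    return 0;
}

--------------------------------------------------------------------------------
/pynb/data/client-server/server.c: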
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #define MAX 80 8 | #define PORT 8080 9 | #define SA struct sockaddr 10 | 11 | // Function designed for chat between client and server. 12 | void func(int sockfd) 13 | { 14 | char buff[MAX]; 15 | int n; 16 | // infinite loop for chat 17 | for (;;) { 18 | bzero(buff, MAX); 19 | 20 | // read the message from client and copy it in buffer (NOTE(review): read()'s return value is ignored, and a read that fills all MAX bytes leaves buff without a terminating NUL for the %s below) 21 | read(sockfd, buff, sizeof(buff)); 22 | // print buffer which contains the client contents 23 | printf("From client: %s\t To client : ", buff); 24 | bzero(buff, MAX); 25 | n = 0; 26 | // copy server message in the buffer (NOTE(review): nothing bounds n, so a stdin line longer than MAX-1 bytes is written past the end of buff; EOF is never detected because getchar()'s result is stored in a char and compared only with '\n') 27 | while ((buff[n++] = getchar()) != '\n') 28 | ; 29 | 30 | // and send that buffer to client 31 | write(sockfd, buff, sizeof(buff)); 32 | 33 | // if msg starts with "exit" then server exit and chat ended. 34 | if (strncmp("exit", buff, 4) == 0) { 35 | printf("Server Exit...\n"); 36 | break; 37 | } 38 | } 39 | } 40 | 41 | // Driver function 42 | int main() 43 | { 44 | int sockfd, connfd, len; 45 | struct sockaddr_in servaddr, cli; 46 | 47 | // socket create and verification 48 | sockfd = socket(AF_INET, SOCK_STREAM, 0); 49 | if (sockfd == -1) { 50 | printf("socket creation failed...\n"); 51 | exit(0); 52 | } 53 | else 54 | printf("Socket successfully created..\n"); 55 | bzero(&servaddr, sizeof(servaddr)); 56 | 57 | // assign IP, PORT (INADDR_ANY makes the server listen on every local interface, not only loopback) 58 | servaddr.sin_family = AF_INET; 59 | servaddr.sin_addr.s_addr = htonl(INADDR_ANY); 60 | servaddr.sin_port = htons(PORT); 61 | 62 | // Binding newly created socket to given IP and verification 63 | if ((bind(sockfd, (SA*)&servaddr, sizeof(servaddr))) != 0) { 64 | printf("socket bind failed...\n"); 65 | exit(0); 66 | } 67 | else 68 | printf("Socket successfully binded..\n"); 69 | 70 | // Now server is ready to listen and verification 71 | if ((listen(sockfd, 5)) != 0) { 72 | printf("Listen failed...\n"); 73 | exit(0); 74 | } 
75 | else 76 | printf("Server listening..\n"); 77 | len = sizeof(cli); 78 | 79 | // Accept the data packet from client and verification 80 | connfd = accept(sockfd, (SA*)&cli, &len); 81 | if (connfd < 0) { 82 | printf("server acccept failed...\n"); 83 | exit(0); 84 | } 85 | else 86 | printf("server acccept the client...\n"); 87 | 88 | // Function for chatting between client and server 89 | func(connfd); 90 | 91 | // After chatting close the socket 92 | close(sockfd); 93 | } 94 | 95 | -------------------------------------------------------------------------------- /pynb/data/client-server/tcp-client-server.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/client-server/tcp-client-server.sf -------------------------------------------------------------------------------- /pynb/data/files/files.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | int main( int argc, const char* argv[] ) 6 | { 7 | FILE* fp = fopen("/tmp/tested_file.txt", "w+"); 8 | fprintf(fp, "This is testing for fprintf...\n"); 9 | fclose(fp); 10 | 11 | FILE* fp2 = fopen("/tmp/tested_file2.txt", "w+"); 12 | fprintf(fp2, "This is testing file2 for fprintf...\n"); 13 | fclose(fp2); 14 | 15 | FILE* fp3 = fopen("/tmp/tested_file3.txt", "w+"); 16 | fprintf(fp3, "This is testing file3 for fprintf...\n"); 17 | fclose(fp3); 18 | 19 | FILE* f = fopen("./tested_file_test.txt", "w+"); 20 | fprintf(f, "This is testing_file_test for fprintf...\n"); 21 | fclose(f); 22 | 23 | int res = mkdir("/tmp/testing_dir", S_IRWXU); 24 | printf("The res of the mkdir 1 is %d\n", res); 25 | 26 | res = mkdir("./testing_dir", S_IRWXU); 27 | printf("The res of the mkdir 2 is %d\n", res); 28 | 29 | res = rmdir("/tmp/testing_dir"); 30 | printf("The res of the rmdir is %d\n", res); 31 | 32 | res = 
rmdir("./testing_dir"); 33 | printf("The res of the second rmdir is %d\n", res); 34 | 35 | res = chmod("/tmp/tested_file.txt", S_IRWXU); 36 | printf("The res of the chmod is %d\n", res); 37 | 38 | res = chown("/tmp/tested_file.txt", 500, 500); 39 | printf("The res of the chmod is %d\n", res); 40 | 41 | res = link("/tmp/tested_file.txt", "./tested_file.txt"); 42 | printf("The res of the link is %d\n", res); 43 | 44 | res = symlink("/tmp/tested_file2.txt", "./tested_file2.txt"); 45 | printf("The res of the symlink is %d\n", res); 46 | 47 | res = rename("/tmp/tested_file3.txt", "/tmp/tested_file4.txt"); 48 | printf("The res of the rename is %d\n", res); 49 | 50 | res = unlink("/tmp/tested_file.txt"); 51 | printf("The res of the unlink is %d\n", res); 52 | res = unlink("./tested_file.txt"); 53 | printf("The res of the unlink2 is %d\n", res); 54 | res = unlink("./tested_file2.txt"); 55 | printf("The res of the unlink3 is %d\n", res); 56 | res = unlink("/tmp/tested_file2.txt"); 57 | printf("The res of the unlink 4 is %d\n", res); 58 | res = unlink("./tested_file_test.txt"); 59 | printf("The res of the unlink5 is %d\n", res); 60 | res = unlink("/tmp/tested_file4.txt"); 61 | printf("The res of the unlink6 is %d\n", res); 62 | 63 | } 64 | 65 | -------------------------------------------------------------------------------- /pynb/data/files/files.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/files/files.sf -------------------------------------------------------------------------------- /pynb/data/files/filesat.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | int main( int argc, const char* argv[] ) 10 | { 11 | 12 | DIR* dir = opendir("/tmp/"); 13 | int dfd = dirfd(dir); 14 | 15 | 
printf("The dir fd is %d, Errno %d\n", dfd, errno); 16 | 17 | // NOTE(review): O_CREAT is passed without the mode argument openat() requires, so the permission bits of a newly created file are indeterminate; give an explicit mode, e.g. S_IRUSR | S_IWUSR 18 | int f = openat(dfd, "tested_file.txt", O_WRONLY | O_CREAT); 19 | 20 | printf("The fd is %d, Errno %d\n", f, errno); 21 | 22 | if(f != -1) { 23 | char buff[100]; 24 | strcpy(buff, "This is testing for fprintf...\n"); 25 | write(f, buff, strlen(buff)); 26 | close(f); 27 | } 28 | 29 | 30 | 31 | // NOTE(review): none of the fopen() results below is checked for NULL before fprintf()/fclose() 32 | FILE* fp2 = fopen("/tmp/tested_file2.txt", "w+"); 33 | fprintf(fp2, "This is testing file2 for fprintf...\n"); 34 | fclose(fp2); 35 | 36 | FILE* fp3 = fopen("/tmp/tested_file3.txt", "w+"); 37 | fprintf(fp3, "This is testing file3 for fprintf...\n"); 38 | fclose(fp3); 39 | 40 | FILE* fp = fopen("./tested_file_test.txt", "w+"); 41 | fprintf(fp, "This is testing_file_test for fprintf...\n"); 42 | fclose(fp); 43 | 44 | int res = mkdirat(dfd, "/tmp/testing_dir", S_IRWXU); 45 | printf("The res of the mkdir 1 is %d\n", res); 46 | 47 | res = mkdirat(AT_FDCWD, "./testing_dir", S_IRWXU); 48 | printf("The res of the mkdir 2 is %d\n", res); 49 | 50 | res = rmdir("/tmp/testing_dir"); 51 | printf("The res of the rmdir is %d\n", res); 52 | 53 | res = rmdir("./testing_dir"); 54 | printf("The res of the second rmdir is %d\n", res); 55 | 56 | //res = chmod("/tmp/tested_file.txt", S_IRWXU); 57 | //printf("The res of the chmod is %d\n", res); 58 | 59 | //res = chown("/tmp/tested_file.txt", 500, 500); 60 | //printf("The res of the chmod is %d\n", res); 61 | 62 | res = linkat(dfd, "./tested_file.txt", AT_FDCWD, "./tested_file.txt", 0); 63 | printf("The res of the link is %d\n", res); 64 | 65 | res = symlinkat("/tmp/tested_file2.txt", AT_FDCWD, "./tested_file2.txt"); 66 | printf("The res of the symlink is %d\n", res); 67 | 68 | res = renameat(dfd, "./tested_file3.txt", AT_FDCWD, "/tmp/tested_file4.txt"); 69 | printf("The res of the rename is %d\n", res); 70 | 71 | res = unlinkat(dfd, "./tested_file.txt", 0); 72 | printf("The res of the unlink is %d\n", res); 73 | res = unlinkat(AT_FDCWD, "./tested_file.txt", 0); 74 | printf("The 
res of the unlink2 is %d\n", res); 75 | res = unlinkat(AT_FDCWD, "./tested_file2.txt", 0); 76 | printf("The res of the unlink3 is %d\n", res); 77 | res = unlinkat(dfd, "/tmp/tested_file2.txt", 0); 78 | printf("The res of the unlink 4 is %d\n", res); 79 | res = unlinkat(AT_FDCWD, "./tested_file_test.txt", 0); 80 | printf("The res of the unlink5 is %d\n", res); 81 | res = unlinkat(dfd, "../tmp/tested_file4.txt", 0); 82 | printf("The res of the unlink6 is %d\n", res); 83 | closedir(dir); 84 | } 85 | 86 | -------------------------------------------------------------------------------- /pynb/data/files/filesat.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/files/filesat.sf -------------------------------------------------------------------------------- /pynb/data/files/make.sh: -------------------------------------------------------------------------------- 1 | gcc -o filer files.c 2 | gcc -o filesat filesat.c 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-event/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM httpd:2.4 2 | COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf 3 | COPY ./htdocs/ /usr/local/apache2/htdocs/ 4 | -------------------------------------------------------------------------------- /pynb/data/mpm-event/README.md: -------------------------------------------------------------------------------- 1 | ### This sample contains two basic tests: 2 | 3 | * full capture: records the container scap from launch to tests (`./run`, `./test` command sequence) 4 | * cold start capture: records the already started container scap from tests (`./test` command sequence) 5 | 6 | ### To install ab: 7 | ``` 8 | sudo apt-get install apache2-utils 9 | ``` 10 | 11 | ### To build and run samples: 12 | ``` 13 | ./build 14 | 
./run 15 | ``` 16 | 17 | ### To generate workload: 18 | ``` 19 | ./test 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /pynb/data/mpm-event/cold_start_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-event/cold_start_capture.sf -------------------------------------------------------------------------------- /pynb/data/mpm-event/full_capture.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-event/full_capture.log -------------------------------------------------------------------------------- /pynb/data/mpm-event/full_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-event/full_capture.sf -------------------------------------------------------------------------------- /pynb/data/mpm-event/htdocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | This is a test! 
4 | 5 | 6 | -------------------------------------------------------------------------------- /pynb/data/mpm-event/run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo docker run -d --name httpd_event -p 8090:80 httpd_event 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-event/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ab -n 25 -c 3 http://localhost:8090/index.html 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM httpd:2.4 2 | COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf 3 | COPY ./htdocs/ /usr/local/apache2/htdocs/ 4 | -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/README.md: -------------------------------------------------------------------------------- 1 | ### This sample contains two basic tests: 2 | 3 | * full capture: records the container scap from launch to tests (`./run`, `./test` command sequence) 4 | * cold start capture: records the already started container scap from tests (`./test` command sequence) 5 | 6 | ### To install ab: 7 | ``` 8 | sudo apt-get install apache2-utils 9 | ``` 10 | 11 | ### To build and run samples: 12 | ``` 13 | ./build 14 | ./run 15 | ``` 16 | 17 | ### To generate workload: 18 | ``` 19 | ./test 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/cold_start_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-preforked/cold_start_capture.sf 
-------------------------------------------------------------------------------- /pynb/data/mpm-preforked/full_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-preforked/full_capture.sf -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/htdocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | This is a test! 4 | 5 | 6 | -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/mpm-preforked.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-preforked/mpm-preforked.sf -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo docker run -d --name httpd_preforked -p 8090:80 httpd_preforked 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-preforked/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ab -n 25 -c 3 http://localhost:8090/index.html 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-worker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM httpd:2.4 2 | COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf 3 | COPY ./htdocs/ /usr/local/apache2/htdocs/ 4 | -------------------------------------------------------------------------------- /pynb/data/mpm-worker/README.md: 
-------------------------------------------------------------------------------- 1 | ### This sample contains two basic tests: 2 | 3 | * full capture: records the container scap from launch to tests (`./run`, `./test` command sequence) 4 | * cold start capture: records the already started container scap from tests (`./test` command sequence) 5 | 6 | ### To install ab: 7 | ``` 8 | sudo apt-get install apache2-utils 9 | ``` 10 | 11 | ### To build and run samples: 12 | ``` 13 | ./build 14 | ./run 15 | ``` 16 | 17 | ### To generate workload: 18 | ``` 19 | ./test 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /pynb/data/mpm-worker/cold_start_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-worker/cold_start_capture.sf -------------------------------------------------------------------------------- /pynb/data/mpm-worker/full_capture.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/mpm-worker/full_capture.sf -------------------------------------------------------------------------------- /pynb/data/mpm-worker/htdocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | This is a test! 
4 | 5 | 6 | -------------------------------------------------------------------------------- /pynb/data/mpm-worker/run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo docker run -d --name httpd_worker -p 8090:80 httpd_worker 3 | -------------------------------------------------------------------------------- /pynb/data/mpm-worker/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ab -n 25 -c 3 http://localhost:8090/index.html 3 | -------------------------------------------------------------------------------- /pynb/data/namespaces/create_ns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo umount -l /tmp/ns; rm -r /tmp/ns 3 | mkdir -p /tmp/ns 4 | sudo mount --bind --make-private /tmp/ns /tmp/ns 5 | touch /tmp/ns/pid 6 | sudo unshare --pid=/tmp/ns/pid -f 7 | -------------------------------------------------------------------------------- /pynb/data/namespaces/enter_ns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo nsenter --pid=/tmp/ns/pid -- /bin/bash 3 | -------------------------------------------------------------------------------- /pynb/data/namespaces/setns.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/namespaces/setns.sf -------------------------------------------------------------------------------- /pynb/data/nginx/nginx.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/nginx/nginx.sf -------------------------------------------------------------------------------- /pynb/data/objectstore/README.md: 
-------------------------------------------------------------------------------- 1 | # MinIO 2 | To obtain keys: 3 | ``` 4 | ./run 5 | sudo docker logs minio 6 | ``` 7 | 8 | To use MinIO client: 9 | Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide 10 | ``` 11 | $ mc config host add minio http://172.17.0.4:9000 12 | $ mc ls minio/play 13 | $ mc cp --recursive minio/play /tmp/ 14 | $ mc cp --recursive minio/play /tmp/ 15 | $ mc cp --recursive /tmp/play/* minio/play/ 16 | ``` 17 | 18 | 19 | -------------------------------------------------------------------------------- /pynb/data/objectstore/client: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | docker pull minio/mc 3 | docker run minio/mc ls play 4 | -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1544763289/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"38071ee85aa3db25d5ab95c1a615a9de"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1544763319/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"f6e2a60578b342a7bec5b59f9ae7f56a"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1544763349/fs.json: -------------------------------------------------------------------------------- 1 | 
{"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"6afda85a4ebf6141e9afabb6126f6170"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1544763379/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"4f2bff3b5d7b636f5a8338e73ba8388f"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1548965896/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"2733701089f5eabaecc17ef95a373697"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1548965926/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"98d6eb0609784408e2f56178aef1486e"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1548965956/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"1f081b7eaa6568ada648a033b9eb3009"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1548965986/fs.json: 
-------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"287d87eff2ab03d3f55615f92c2802f8"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/mon.1548966016/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"9821aa37dae2a9644ad170cfb770ba0c"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/buckets/play/tcpclientserver/fs.json: -------------------------------------------------------------------------------- 1 | {"version":"1.0.2","checksum":{"algorithm":"","blocksize":0,"hashes":null},"meta":{"content-type":"application/octet-stream","etag":"794e950698de80cf71d9cd5885f12495"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/.minio.sys/format.json: -------------------------------------------------------------------------------- 1 | {"version":"1","format":"fs","fs":{"version":"2"}} -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1544763289: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1544763289 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1544763319: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1544763319 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1544763349: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1544763349 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1544763379: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1544763379 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1548965896: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1548965896 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1548965926: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1548965926 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1548965956: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1548965956 
-------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1548965986: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1548965986 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/mon.1548966016: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/mon.1548966016 -------------------------------------------------------------------------------- /pynb/data/objectstore/data/play/tcpclientserver: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/data/play/tcpclientserver -------------------------------------------------------------------------------- /pynb/data/objectstore/download.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/download.sf -------------------------------------------------------------------------------- /pynb/data/objectstore/ls.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/ls.sf -------------------------------------------------------------------------------- /pynb/data/objectstore/run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo docker run -d -p 9000:9000 --name minio -v 
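$PWD/data:/data minio/minio server /data 3 | -------------------------------------------------------------------------------- /pynb/data/objectstore/upload.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/objectstore/upload.sf -------------------------------------------------------------------------------- /pynb/data/setuid/make.sh: -------------------------------------------------------------------------------- 1 | gcc -O2 -ggdb -o setuid setuid.c 2 | -------------------------------------------------------------------------------- /pynb/data/setuid/setuid.c: --------------------------------------------------------------------------------
/*
 * setuid.c - small fixture that switches UID and prints its identity at each
 * step; presumably the program behind the setuid.sf trace stored next to it
 * (TODO confirm).
 *
 * The header names were stripped from this listing; the four below are the
 * ones the calls in main() require.
 */
#include <stdio.h>      /* printf, perror */
#include <stdlib.h>     /* system */
#include <sys/types.h>  /* uid_t */
#include <unistd.h>     /* getuid, getgid, setuid */

/*
 * Print the UID/GID, switch to UID 500, print again, switch back to the
 * starting UID and print a third time. Each step also runs /usr/bin/id.
 *
 * Returns 0 on success, 1 if either setuid() call fails.
 */
int main(void)
{
    /* getuid() reports the real UID, i.e. the invoking user. */
    uid_t current_uid = getuid();

    printf("My UID is: %d. My GID is: %d\n", (int)current_uid, (int)getgid());
    /*
     * NOTE(review): system() runs the command through /bin/sh with the
     * caller's environment, which system(3) advises against in set-user-ID
     * programs. Left as is so the fixture spawns the same child processes.
     */
    system("/usr/bin/id");

    if (setuid(500))
    {
        perror("setuid");
        return 1;
    }

    /*
     * The process now runs as UID 500, an ordinary account and not root.
     * If it was privileged when it called setuid(), the real and saved UIDs
     * were replaced as well, and the switch back below is refused unless the
     * starting UID was already 500.
     */
    printf("My UID is: %d. My GID is: %d\n", (int)getuid(), (int)getgid());
    system("/usr/bin/id");

    /*
     * Return to the starting UID. The result is checked so that a refused
     * switch is reported instead of the program carrying on, and running
     * another child process, under an identity it did not intend to keep.
     */
    if (setuid(current_uid))
    {
        perror("setuid");
        return 1;
    }

    printf("My UID is: %d. My GID is: %d\n", (int)getuid(), (int)getgid());
    system("/usr/bin/id");
    return 0;
}
-------------------------------------------------------------------------------- /pynb/data/setuid/setuid.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/data/setuid/setuid.sf -------------------------------------------------------------------------------- /pynb/notebooks/FloCon2020/figures/attack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/notebooks/FloCon2020/figures/attack.png -------------------------------------------------------------------------------- /pynb/notebooks/FloCon2020/sfql/defs.yaml: -------------------------------------------------------------------------------- 1 | ###### Lists #################### 2 | 3 | - list: http_server_binaries 4 | items: [nginx, httpd, httpd-foregroun, lighttpd, apache, apache2, node] 5 | 6 | ###### Macros ################### 7 | 8 | - macro: suspicious_webserver_writes 9 | condition: (type = FF and file.type = f and opflags contains WRITE and proc.name pmatch (http_server_binaries)) -------------------------------------------------------------------------------- /pynb/notebooks/K8sDemo/data/experiment.log: -------------------------------------------------------------------------------- 1 | 2022-03-17 18:48:40,736 main INFO ----- starting experiment 2 | 2022-03-17 18:48:40,736 main INFO ----- create project robot-shop 3 | 2022-03-17 18:48:40,736 main INFO kubectl create namespace robot-shop 4 | namespace/robot-shop created 5 | 2022-03-17 18:48:40,991 main INFO ...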
waiting for 60 seconds 6 | 2022-03-17 18:49:41,047 main INFO ----- install robot shop 7 | NAME: robot-shop 8 | LAST DEPLOYED: Thu Mar 17 18:49:41 2022 9 | NAMESPACE: robot-shop 10 | STATUS: deployed 11 | REVISION: 1 12 | TEST SUITE: None 13 | 2022-03-17 18:49:42,531 main INFO ... waiting for 900 seconds 14 | 2022-03-17 19:04:42,632 main INFO resolve url of robot-shop 15 | 2022-03-17 19:04:47,423 main INFO robot-shop url is http://192.168.59.100:31907 16 | 2022-03-17 19:04:47,423 main INFO ----- kill container mongodb 17 | 2022-03-17 19:04:47,423 main INFO Identify container mongodb 18 | 2022-03-17 19:04:48,073 main INFO Kill container mongodb-67c5456f4-d4bgv with cmd "kubectl delete pod mongodb-67c5456f4-d4bgv -n robot-shop" 19 | pod "mongodb-67c5456f4-d4bgv" deleted 20 | 2022-03-17 19:04:53,940 main INFO ... waiting for 300 seconds 21 | 2022-03-17 19:09:53,947 main INFO ----- kill container web 22 | 2022-03-17 19:09:53,947 main INFO Identify container web 23 | 2022-03-17 19:09:54,217 main INFO Kill container web-77486f858f-gpfrn with cmd "kubectl delete pod web-77486f858f-gpfrn -n robot-shop" 24 | pod "web-77486f858f-gpfrn" deleted 25 | 2022-03-17 19:10:02,620 main INFO ... waiting for 300 seconds 26 | 2022-03-17 19:15:02,660 main INFO ----- kill container user 27 | 2022-03-17 19:15:02,661 main INFO Identify container user 28 | 2022-03-17 19:15:03,314 main INFO Kill container user-899b6c7ff-c7wnj with cmd "kubectl delete pod user-899b6c7ff-c7wnj -n robot-shop" 29 | pod "user-899b6c7ff-c7wnj" deleted 30 | 2022-03-17 19:15:36,016 main INFO ... waiting for 300 seconds 31 | 2022-03-17 19:20:36,117 main INFO ----- delete robot shop 32 | release "robot-shop" uninstalled 33 | 2022-03-17 19:20:37,534 main INFO ... waiting for 300 seconds 34 | 2022-03-17 19:25:37,627 main INFO ----- delete project robot-shop 35 | 2022-03-17 19:25:37,628 main INFO kubectl delete namespace robot-shop 36 | namespace "robot-shop" deleted 37 | 2022-03-17 19:25:50,305 main INFO ... 
waiting for 300 seconds 38 | 2022-03-17 19:30:50,346 main INFO ----- experiment ends 39 | -------------------------------------------------------------------------------- /pynb/notebooks/K8sDemo/data/experiment.sf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/notebooks/K8sDemo/data/experiment.sf -------------------------------------------------------------------------------- /pynb/notebooks/K8sDemo/data/experiment_df.pkl.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/notebooks/K8sDemo/data/experiment_df.pkl.gz -------------------------------------------------------------------------------- /pynb/notebooks/MitreTagTimeline/figures/attack_steps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/notebooks/MitreTagTimeline/figures/attack_steps.png -------------------------------------------------------------------------------- /pynb/notebooks/MitreTagTimeline/figures/env_overview_mitre.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sysflow-telemetry/sf-apis/382270fa878cd723d7336184abc998981f8444a4/pynb/notebooks/MitreTagTimeline/figures/env_overview_mitre.png -------------------------------------------------------------------------------- /pynb/requirements.txt: -------------------------------------------------------------------------------- 1 | plotly>=5.5.0 2 | mitreattack-python>=1.5.7 3 | graphviz>=0.17 4 | matplotlib>=3.4.3 --------------------------------------------------------------------------------