diff --git a/exporter/exporter.go b/exporter/exporter.go index 0d6cfce..2694724 100644 --- a/exporter/exporter.go +++ b/exporter/exporter.go @@ -13,12 +13,8 @@ import ( ) var ( - // Meta Monitoring Data, to be added to default /metrics - // Flow Data, to be exported on /flowdata labels = []string{ - // "src_port", - // "dst_port", "router", "ipversion", "application", @@ -79,17 +75,17 @@ func (e *Exporter) ServeEndpoints(addr string) { func (e *Exporter) Increment(flow *flow.FlowMessage) { var application string - _, appGuess1 := filterPopularPorts(flow.GetSrcPort()) - _, appGuess2 := filterPopularPorts(flow.GetDstPort()) - if appGuess1 != "" { - application = appGuess1 - } else if appGuess2 != "" { - application = appGuess2 + if srcApp := filterPopularPorts(flow.GetSrcPort()); srcApp != "" { + application = srcApp + } else { + dstApp := filterPopularPorts(flow.GetDstPort()) + application = dstApp } hflow := flow_helper.NewFlowHelper(flow) peer := hflow.Peer() + var remoteAS string if flow.GetFlowDirection() == 0 { remoteAS = nameThatAS(flow.GetSrcAS()) @@ -98,8 +94,6 @@ func (e *Exporter) Increment(flow *flow.FlowMessage) { } labels := prometheus.Labels{ - // "src_port": fmt.Sprint(srcPort), - // "dst_port": fmt.Sprint(dstPort), "router": net.IP(flow.GetSamplerAddress()).String(), "ipversion": hflow.IPVersionString(), "application": application, @@ -111,8 +105,6 @@ func (e *Exporter) Increment(flow *flow.FlowMessage) { } e.kafkaMessageCount.Inc() - // flowNumber.With(labels).Add(float64(flow.GetSamplingRate())) - // flowPackets.With(labels).Add(float64(flow.GetPackets())) e.flowBits.With(labels).Add(float64(flow.GetBytes()) * 8) } @@ -124,124 +116,127 @@ func (e *Exporter) IncrementCtrl(topic string, partition int32, offset int64) { e.kafkaOffsets.With(labels).Add(float64(offset)) } -func filterPopularPorts(port uint32) (uint32, string) { +func filterPopularPorts(port uint32) string { switch port { case 80: - return port, "http" + return "http" case 443: - return port, "https" + return "https" case 20, 21: - return port, "ftp" + return "ftp" case 22: - return port, "ssh" + return "ssh" case 23: - return port, "telnet" + return "telnet" case 53: - return port, "dns" + return "dns" case 25, 465: - return port, "smtp" + return "smtp" case 110, 995: - return port, "pop3" + return "pop3" case 143, 993: - return port, "imap" + return "imap" } - return 0, "" + return "" +} + +// Putting asnmap outside the nameThatAS function prevents recreating that map every +// time that function is called. +// As of Go 1.16 the compiler is not smart enough to do that optimization itself. +var asnmap = map[uint32]string{ + 43: "Brookhaven National Laboratory", + 70: "National Library Medicine USA", + 174: "Cogent", + 513: "CERN", + 559: "SWITCH", + 680: "DFN", + 702: "Verizon", + 714: "Apple", + 786: "JANET", + 1239: "Sprint", + 1273: "Vodafone", + 1297: "CERN", + 1299: "Telia", + 1754: "DESY", + 2018: "AFRINIC", + 2603: "NORDUnet", + 2906: "Netflix", + 2914: "NTT", + 3209: "Vodafone", + 3257: "GTT", + 3303: "Swisscom", + 3320: "Deutsche Telekom", + 3356: "CenturyLink", + 4356: "Epic Games", + 5430: "freenet", + 5501: "Fraunhofer", + 5511: "Orange", + 6185: "Apple", + 6453: "TATA", + 6507: "Riot Games", + 6724: "Strato", + 6735: "sdt.net", + 6805: "Telefonica", + 6830: "Vodafone", + 6939: "Hurricane Electric", + 7018: "AT&T", + 8068: "Microsoft", + 8075: "Microsoft", + 8220: "Colt", + 8403: "Spotify", + 8560: "1&1", + 8674: "Netnod", + 8763: "DENIC", + 8881: "Versatel", + 9009: "GLOBALAXS", + 10310: "Yahoo", + 13030: "Init7", + 13335: "Cloudflare", + 15133: "Verizon", + 15169: "Google", + 16276: "OVH", + 16509: "Amazon", + 16591: "Google Fiber", + 16625: "Akamai", + 19679: "Dropbox", + 20446: "Highwinds", + 20504: "RTL", + 20677: "imos", + 20940: "Akamai", + 22822: "Limelight", + 24429: "Alibaba", + 24940: "Hetzner", + 30361: "Swiftwill", + 31334: "Kabel Deutschland", + 32590: "Valve Steam", + 32934: "Facebook", + 33915: "Vodafone", + 35402: "ecotel", + 36459: "Github", + 36561: "Google", + 37963: "Alibaba", + 39702: "S-IT", + 41552: "Ebay", + 41690: "Dailymotion", + 46489: "Twitch", + 48918: "Globalways", + 54113: "Fastly", + 54994: "QUANTIL", + 57976: "Blizzard", + 58069: "KIT", + 60781: "Leaseweb", + 61339: "LHC", + 197540: "Netcup", + 197602: "TV-9", + 206339: "Schuler Pressen", } func nameThatAS(asn uint32) string { - asnmap := map[uint32]string{ - 43: "Brookhaven National Laboratory", - 70: "National Library Medicine USA", - 174: "Cogent", - 513: "CERN", - 559: "SWITCH", - 680: "DFN", - 702: "Verizon", - 714: "Apple", - 786: "JANET", - 1239: "Sprint", - 1273: "Vodafone", - 1297: "CERN", - 1299: "Telia", - 1754: "DESY", - 2018: "AFRINIC", - 2603: "NORDUnet", - 2906: "Netflix", - 2914: "NTT", - 3209: "Vodafone", - 3257: "GTT", - 3303: "Swisscom", - 3320: "Deutsche Telekom", - 3356: "CenturyLink", - 4356: "Epic Games", - 5430: "freenet", - 5501: "Fraunhofer", - 5511: "Orange", - 6185: "Apple", - 6453: "TATA", - 6507: "Riot Games", - 6724: "Strato", - 6735: "sdt.net", - 6805: "Telefonica", - 6830: "Vodafone", - 6939: "Hurricane Electric", - 7018: "AT&T", - 8068: "Microsoft", - 8075: "Microsoft", - 8220: "Colt", - 8403: "Spotify", - 8560: "1&1", - 8674: "Netnod", - 8763: "DENIC", - 8881: "Versatel", - 9009: "GLOBALAXS", - 10310: "Yahoo", - 13030: "Init7", - 13335: "Cloudflare", - 15133: "Verizon", - 15169: "Google", - 16276: "OVH", - 16509: "Amazon", - 16591: "Google Fiber", - 16625: "Akamai", - 19679: "Dropbox", - 20446: "Highwinds", - 20504: "RTL", - 20677: "imos", - 20940: "Akamai", - 22822: "Limelight", - 24429: "Alibaba", - 24940: "Hetzner", - 30361: "Swiftwill", - 31334: "Kabel Deutschland", - 32590: "Valve Steam", - 32934: "Facebook", - 33915: "Vodafone", - 35402: "ecotel", - 36459: "Github", - 36561: "Google", - 37963: "Alibaba", - 39702: "S-IT", - 41552: "Ebay", - 41690: "Dailymotion", - 46489: "Twitch", - 48918: "Globalways", - 54113: "Fastly", - 54994: "QUANTIL", - 57976: "Blizzard", - 58069: "KIT", - 60781: "Leaseweb", - 61339: "LHC", - 197540: "Netcup", - 197602: "TV-9", - 206339: "Schuler Pressen", - } if name, ok := asnmap[asn]; ok { return name + } else if asn == 0 { + return "unset" } else { - if asn == 0 { - return "unset" - } return "other" } }