Formatting a string with version and domain when looking up sampling
rate hurts performance. Instead, use a dedicated structure for key. It
also reduces the pressure on the GC.
* netflow: Add observation domain and point to message
The ObservationDomainID and ObservationPointID are two IPFIX fields that
identify the entity that is capturing flows and can be used to enrich
the context around a specific sample.
Parse these fields from the sample and add them to the FlowMessage.
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Co-authored-by: Adrian Moreno <amorenoz@redhat.com>
* adds dataframe link decoding
* can map NetFlow/IPFIX fields and bytes sections from sFlow/packets to any field inside the protobuf
* add CLI argument for loading a mapping yaml file
Defer unlocking just after taking a lock when possible (when unlock is
done at the very end) and when not trivial (the function body is more
than a couple of lines). This simplifies a bit some functions (no need
to unlock before each return) and for the other, it may avoid a bug in
the future in case a return is inserted into the body of a function.
Use of defer has been optimized a lot in Go and it is believed that
simpler defers have zero overhead since Go 1.14:
https://golang.org/doc/go1.14#runtime
> This release improves the performance of most uses of defer to incur
> almost zero overhead compared to calling the deferred function
> directly. As a result, defer can now be used in performance-critical
> code without overhead concerns.
IPFIX supports sending flowEndDeltaMicroseconds (159) and
flowEndDeltaMicroseconds (160) to provide flow timestamps relative to
the exportTime in the IPFIX Message Header.
Use them to calculate flow TimeFlowStart and TimeFlowEnd.
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
* Source and destination mac addresses are fed from `NFV9_FIELD_xx_yyy_MAC`
Fixes a bug where the samples were missing either source or destination Mac.
This is supposed to be linked to the sampling direction.
