- updated for go doc

Author: chrispassas

doc.go

@@ -0,0 +1,60 @@
+/*
+Package silk is written without cgo to read common silk file formats.
+
+What is silk?
+
+https://tools.netsa.cert.org/silk/faq.html#what-silk
+
+	"SiLK is a suite of network traffic collection and analysis tools developed and
+	maintained by the CERT Network Situational Awareness Team (CERT NetSA) at
+	Carnegie Mellon University to facilitate security analysis of large networks.
+	The SiLK tool suite supports the efficient collection, storage, and analysis
+	of network flow data, enabling network security analysts to rapidly query
+	large historical traffic data sets."
+
+
+Example:
+
+	import (
+		"fmt"
+		"log"
+		"silk"
+	)
+
+	func main() {
+
+		var testFile = "testdata/FT_RWIPV6-v2-c0-L.dat"
+		var err error
+		var sf silk.File
+
+		if sf, err = silk.OpenFile(testFile); err != nil {
+			log.Fatalf("OpenFile() error:%s", err)
+		}
+
+		log.Printf("Compression:%d", sf.Header.Compression)
+		log.Printf("FileFlags:%d", sf.Header.FileFlags)
+		log.Printf("FileVersion:%d", sf.Header.FileVersion)
+		log.Printf("HeaderLength:%d", sf.Header.HeaderLength)
+		log.Printf("MagicNumber:%x", sf.Header.MagicNumber)
+		log.Printf("RecordFormat:%d", sf.Header.RecordFormat)
+		log.Printf("RecordSize:%d", sf.Header.RecordSize)
+		log.Printf("RecordVersion:%d", sf.Header.RecordVersion)
+		log.Printf("SilkVersion:%d", sf.Header.SilkVersion)
+
+		log.Printf("File record count:%d\n", len(sf.Flows))
+
+		fmt.Printf("start_time_ms,src_ip,dst_ip,src_port,dst_port\n")
+		for _, flow := range sf.Flows {
+			fmt.Printf("%d,%s,%s,%d,%d\n",
+				flow.StartTimeMS,
+				flow.SrcIP.String(),
+				flow.DstIP.String(),
+				flow.SrcPort,
+				flow.DstPort,
+			)
+			//Etc... for other silk.Flow values
+		}
+	}
+
+*/
+package silk

file.go

@@ -25,6 +25,8 @@ var isTCPAnd = uint32(math.Pow(2, 23))
 
 //Flow represents a silk flow row of data
 //Depending on type of silk record not all fields are used
+//More details on the Flow stuct fields can be found here:
+//	https://tools.netsa.cert.org/silk/faq.html#file-formats
 type Flow struct {
 	startTimeMS56 uint32
 	StartTimeMS   uint64
@@ -48,11 +50,11 @@ type Flow struct {
 	NextHopIP     net.IP
 }
 
-//ErrUnsupportedCompression unknown compression type. Currently supported
-//0 = no compression
-//1 = zlib
-//2 = lzo
-//3 = snappy
+// ErrUnsupportedCompression unknown compression type. Currently supported
+// 	0 = no compression
+// 	1 = zlib
+// 	2 = lzo
+// 	3 = snappy
 var ErrUnsupportedCompression = fmt.Errorf("Unsupported compression")
 
 type offsets struct {
@@ -197,13 +199,13 @@ func getOffsets(recordSize uint16) (o offsets, err error) {
 	return
 }
 
-//File contains header and silk flow records
+//File contains header and silk slice of flow records
 type File struct {
 	Header Header
 	Flows  []Flow
 }
 
-//OpenFile opens silk file returning SilkFile and Error
+//OpenFile opens and parses silk file returning silk File struct and Error
 func OpenFile(filePath string) (sf File, err error) {
 	var f *os.File
 	var n int

header.go

@@ -6,7 +6,8 @@ import (
 	"os"
 )
 
-//Header TODO
+//Header is documented here:
+//	https://tools.netsa.cert.org/silk/faq.html#file-header
 type Header struct {
 	MagicNumber   []byte
 	FileFlags     uint8
@@ -23,7 +24,9 @@ type Header struct {
 	fileSensor uint32
 }
 
-//VarLenHeader TODO
+//VarLenHeader is part of the silk header. They contain different things
+//like the cli command used to create the file. For some file types the
+// variable length header also contains the year/month/day/hour of the file.
 type VarLenHeader struct {
 	ID      uint32
 	Length  uint32