| author | Damiano Verzulli <damiano@verzulli.it> | 2022-09-19 16:09:58 +0200 |
|---|---|---|
| committer | Toni <matzeton@googlemail.com> | 2022-09-19 17:23:11 +0200 |
| commit | ab7f7d05f320d712bf369a54ce7c909292d6f41a (patch) | |
| tree | 50e3e6696353a8c2d5d7e51e6a57f1f701fbdf84 | |
| parent | 015a739efda638737adeed521ca5ba43708949f0 (diff) | |
Improve README

- links to the already-existing JSON schemas have been added
- a graphical schema detailing the flow-events timeline has
been added in both PNG and source Drawio formats.
A link to the PNG has been included in the README
| -rw-r--r-- | README.md | 20 | |
| -rw-r--r-- | schema/flow_events_diagram.drawio | 1 | |
| -rw-r--r-- | schema/flow_events_diagram.png | bin | 0 -> 390233 bytes |

3 files changed, 17 insertions, 4 deletions
@@ -80,7 +80,8 @@ Technical details about JSON-messages format can be obtained from related `.sche Those events specify the contents (key-value-pairs) of the JSON string. They are divided into four categories, each with a number of events. -Error Events: indicates that layer2 or layer3 packet processing failed or not enough flow memory available +## Error Events +They are 17 distinct events, indicating that layer2 or layer3 packet processing failed or not enough flow memory available: 1. Unknown datalink layer packet 2. Unknown L3 protocol 3. Unsupported datalink layer 
@@ -99,17 +100,27 @@ Error Events: indicates that layer2 or layer3 packet processing failed or not en 16. Max flows to track reached 17. Flow memory allocation failed -Daemon Events: startup/shutdown or status events as well as a reconnect event if there was a previous connection failure (collector) +Detailed JSON-schema is available [here](schema/error_event_schema.json) + +## Daemon Events +They are 4 distinct events indicating startup/shutdown or status events as well as a reconnect event if there was a previous connection failure (collector): 1. init: `nDPId` startup 2. reconnect: (UNIX) socket connection lost previously and was established again 3. shutdown: `nDPId` terminates gracefully 4. status: statistics about the daemon itself e.g. memory consumption, zLib compressions (if enabled) -Packet Events: contains base64 encoded packet payload either belonging to a flow or not +Detailed JSON-schema is available [here](schema/daemon_event_schema.json) + + +## Packet Events +They are 2 events containing base64 encoded packet payload either belonging to a flow or not: 1. packet: does not belong to any flow 2. packet-flow: does belong to a flow e.g. TCP/UDP or ICMP -Flow Events: all events related to a flow +Detailed JSON-schema is available [here](schema/packet_event_schema.json) + +## Flow Events +They are 9 distinct events related to a flow: 1. new: a new TCP/UDP/ICMP flow seen which will be tracked 2. end: a TCP connections terminates 3. idle: a flow timed out, because there was no packet on the wire for a certain amount of time @@ -120,6 +131,7 @@ Flow Events: all events related to a flow 8. detection-update: `libnDPI` dissected more layer7 protocol data (after detection already done) 9. not-detected: neither detected nor guessed +Detailed JSON-schema is available [here](schema/flow_event_schema.json). Also, a graphical representation of *Flow Events* timeline is available [here](schema/flow_events_diagram.png). # Flow States 
diff --git a/schema/flow_events_diagram.drawio b/schema/flow_events_diagram.drawio new file mode 100644 index 000000000..a695a0f29 --- /dev/null +++ b/schema/flow_events_diagram.drawio @@ -0,0 +1 @@ +<mxfile host="Electron" modified="2022-09-19T13:55:43.441Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/15.4.0 Chrome/91.0.4472.164 Electron/13.5.0 Safari/537.36" etag="X7uhVc0q2i6IsenfTJZ6" version="15.4.0" type="device"><diagram id="6zxcAsXRhzVs0osY5dHM" name="Page-1">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</diagram></mxfile>
\ No newline at end of file diff --git a/schema/flow_events_diagram.png b/schema/flow_events_diagram.png Binary files differnew file mode 100644 index 000000000..61f9c3e27 --- /dev/null +++ b/schema/flow_events_diagram.png |
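Review bot: in the `@@ -80,7 +80,8 @@` hunk of `README.md`, the added line `+They are 17 distinct events, indicating that layer2 or layer3 packet processing failed ...` should read `There are 17 distinct events ...` (the same slip is repeated for the other three categories in the following hunk). Hard-coding the count right above a numbered list also means the number silently goes stale the next time an event is added or removed, while the list already conveys it; consider dropping the number, e.g. `## Error Events` followed by `Layer 2 or layer 3 packet processing failed, or not enough flow memory was available:`.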
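Review bot: the `@@ -99,17 +100,27 @@` hunk of `README.md` is inconsistent with itself: `+Detailed JSON-schema is available [here](schema/error_event_schema.json)` and its daemon and packet counterparts end without a period while the Flow Events line in the next hunk has one, there are two blank `+` lines before `## Packet Events` but only one before the other new headings, and `+They are 2 events containing base64 encoded packet payload` drops the `distinct` used for the other categories. `here` as link text also hides the target; naming the file reads better in rendered and plain-text form, e.g. `Detailed JSON schema: [error_event_schema.json](schema/error_event_schema.json).`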
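Review bot: the `@@ -120,6 +131,7 @@` hunk of `README.md` links only the rendered PNG, while this same commit adds the editable source as `schema/flow_events_diagram.drawio` without mentioning it anywhere in the README; a contributor who changes the flow events has no pointer to the file that must be edited to keep the picture in sync. Add the source next to the image link, e.g. `... timeline is available [here](schema/flow_events_diagram.png) (source: [flow_events_diagram.drawio](schema/flow_events_diagram.drawio)).`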
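Review bot: `schema/flow_events_diagram.drawio` is committed as a single line ending in `\ No newline at end of file`, so every future change to the diagram will show up as a one-line replacement that cannot be reviewed hunk by hunk. Please add the trailing newline, and if the `<diagram>` payload is stored in draw.io's compressed form, consider saving it uncompressed so the XML stays diffable. Note also that the `agent=` and `modified=` attributes embed the exporting workstation's OS and browser build; harmless for a public diagram, but it is metadata worth knowing about before committing exported files.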
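Review bot: `schema/flow_events_diagram.png` adds a 390233-byte binary to the repository, and since the PNG is a derived artifact of the `.drawio` source added in this same commit, every regeneration will append another full copy to the history. If the image must be checked in, an SVG export is text-based, diffable and stays sharp when the README is rendered; otherwise documenting how to regenerate the image from the source would avoid the binary entirely.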