diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-03-13 03:08:44 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-03-13 03:08:44 +0100 |
| commit | daaaa615197d8551457ecf926f6df30c6482a70a (patch) | |
| tree | 643e945b30efe9e64d436febb26d47503e121512 /schema/error_event_schema.json | |
| parent | ed1647b9446f84d81d41e8e28ccf063eff97b2f7 (diff) | |
Renamed basic event to error event for the sake of the logic.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'schema/error_event_schema.json')
| -rw-r--r-- | schema/error_event_schema.json | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/schema/error_event_schema.json b/schema/error_event_schema.json new file mode 100644 index 000000000..a9080d13f --- /dev/null +++ b/schema/error_event_schema.json @@ -0,0 +1,163 @@ +{ + "type": "object", + "required": [ + "alias", + "source", + "packet_id", + "error_event_id", + "error_event_name", + "datalink", + "global_ts_msec" + ], + + "if": { + "properties": { "error_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "layer_type" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Unknown L3 protocol" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "protocol" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Packet too short", "IP4 packet too short", + "IP6 packet too short", "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "size", "expected" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Packet header invalid" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "raeson" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Flow memory allocation failed" ] } } + }, + "then": { + "required": [ "thread_id", "size" ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Max flows to track reached" ] } } + }, + "then": { + "required": [ "thread_id", "current_active", "current_idle", "max_active", "max_idle" ] + }, + + "properties": { + "alias": { + "type": "string" + }, + "source": { + "type": "string" + }, + "thread_id": { + "type": "number" + }, + "packet_id": { + "type": "number", + "minimum": 0 + }, + "error_event_id": { + "type": "number", + "minimum": 0, + "maximum": 16 + }, + "error_event_name": { + "type": "string", + "enum": [ + "Unknown datalink layer packet", + "Unknown L3 protocol", + "Unsupported datalink layer", + "Packet too short", + "Unknown packet type", + "Packet header invalid", + "IP4 packet too short", + "Packet smaller than IP4 header", + "nDPI IPv4/L4 payload detection failed", + "IP6 packet too short", + "Packet smaller than IP6 header", + "nDPI IPv6/L4 payload detection failed", + "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size", + "Max flows to track reached", + "Flow memory allocation failed" + ] + }, + + "datalink": { + "type": "number", + "minimum": 0, + "maximum": 292 + }, + + "layer_type": { + "type": "number", + "minimum": 0 + }, + + "l4_data_len": { + "type": "number", + "minimum": 0 + }, + + "reason": { + "type": "string" + }, + + "protocol": { + "type": "number", + "minimum": 0, + "maximum": 65535 + }, + + "size": { + "type": "number" + }, + "expected": { + "type": "number" + }, + + "current_active": { + "type": "number" + }, + "current_idle": { + "type": "number" + }, + "max_active": { + "type": "number" + }, + "max_idle": { + "type": "number" + }, + "global_ts_msec": { + "type": "number", + "minimum": 0 + } + }, + "additionalProperties": false +} |