author | Toni Uhlig <matzeton@googlemail.com> | 2022-01-31 20:38:58 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-31 20:54:02 +0100 |
commit | 1a0d7ddbfaccc20e081a2fcd0a27495c166e1dbe (patch) | |
tree | 05195d13f935abf90f48b06a381c0a847d55fc18 /schema | |
parent | 7022d0b1c57b4b6233fc2bd89d03328a5f90208e (diff) |
Process additional layer 3 protocols.
* bump libnDPI to c53c82d4823b5a8f856d1375155ac5112b68e8af
* run_tests.sh: improved execution from non-git directories e.g. via `make dist`
* updated JSON schema to be more restrictive
* nDPId: split generic get_ip_from_sockaddr into IPv4/IPv6 to prevent compiler warnings on some platforms
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'schema')
-rw-r--r-- | schema/basic_event_schema.json | 112 | ||||
-rw-r--r-- | schema/flow_event_schema.json | 52 | ||||
-rw-r--r-- | schema/packet_event_schema.json | 7 |
3 files changed, 124 insertions, 47 deletions
diff --git a/schema/basic_event_schema.json b/schema/basic_event_schema.json index 958b4316c..1dad5d11b 100644 --- a/schema/basic_event_schema.json +++ b/schema/basic_event_schema.json @@ -6,8 +6,55 @@ "thread_id", "packet_id", "basic_event_id", - "basic_event_name" + "basic_event_name", + "datalink" ], + + "if": { + "properties": { "basic_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } } + }, + "then": { + "required": [ "layer_type" ] + }, + + "if": { + "properties": { "basic_event_name": { "enum": [ "Unknown L3 protocol" ] } } + }, + "then": { + "required": [ "protocol" ] + }, + + "if": { + "properties": { "basic_event_name": { "enum": [ "Packet too short", "IP4 packet too short", + "IP6 packet too short", "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size" ] } } + }, + "then": { + "required": [ "size", "expected" ] + }, + + "if": { + "properties": { "basic_event_name": { "enum": [ "Packet header invalid" ] } } + }, + "then": { + "required": [ "raeson" ] + }, + + "if": { + "properties": { "basic_event_name": { "enum": [ "Flow memory allocation failed" ] } } + }, + "then": { + "required": [ "size" ] + }, + + "if": { + "properties": { "basic_event_name": { "enum": [ "Max flows to track reached" ] } } + }, + "then": { + "required": [ "current_active", "current_idle", "max_active", "max_idle" ] + }, + "properties": { "alias": { "type": "string" 
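Review bot: The six `"if"`/`"then"` pairs added after `required` are sibling keys of one JSON object, so they are duplicate names; most parsers keep only the last occurrence, which leaves just the "Max flows to track reached" rule in force and silently drops the other five. Giving each pair its own subschema under `"allOf": [ { "if": …, "then": … }, … ]` makes all of them apply, which matters for any consumer that relies on this schema to reject malformed events. Once they do apply, `"required": [ "raeson" ]` in the "Packet header invalid" rule can never be satisfied, because the property is declared as `reason` in the next hunk and the schema closes with `"additionalProperties": false`; it should read `"required": [ "reason" ]`. The two top-level `"if"` keys in schema/flow_event_schema.json (hunk `@@ -23,36 +23,22 @@`) have the same duplicate-key problem.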
@@ -28,47 +75,61 @@ "maximum": 16 }, "basic_event_name": { - "type": "string" - }, + "type": "string", + "enum": [ + "Unknown datalink layer packet", + "Unknown L3 protocol", + "Unsupported datalink layer", + "Packet too short", + "Unknown packet type", + "Packet header invalid", + "IP4 packet too short", + "Packet smaller than IP4 header", + "nDPI IPv4/L4 payload detection failed", + "IP6 packet too short", + "Packet smaller than IP6 header", + "nDPI IPv6/L4 payload detection failed", + "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size", + "Max flows to track reached", + "Flow memory allocation failed" + ] + }, + "datalink": { "type": "number", "minimum": 0, "maximum": 265 }, - "header": { - "type": "number" + + "layer_type": { + "type": "number", + "minimum": 0 }, - "type": { + + "l4_data_len": { "type": "number", - "minimum": 0, - "maximum": 65535 + "minimum": 0 }, + + "reason": { + "type": "string" + }, + "protocol": { "type": "number", "minimum": 0, "maximum": 65535 }, - "caplen": { - "type": "number" - }, - "len": { - "type": "number" - }, - "ip_size": { + + "size": { "type": "number" }, "expected": { "type": "number" }, - "l4_data_len": { - "type": "number" - }, - "header_len": { - "type": "number" - }, - "size": { - "type": "number" - }, + "current_active": { "type": "number" }, @@ -77,6 +138,9 @@ }, "max_active": { "type": "number" + }, + "max_idle": { + "type": "number" } }, "additionalProperties": false diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json index 3b84f77cf..1a715dcc2 100644 --- a/schema/flow_event_schema.json +++ b/schema/flow_event_schema.json 
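Review bot: The new `layer_type` and `l4_data_len` properties are declared `"type": "number"`, which also accepts fractional values such as 1.5, and the re-added `size` (like `max_idle` in the following hunk `@@ -77,6 +138,9 @@`) has no lower bound at all. If these fields are always non-negative integers, as their names suggest, `"type": "integer"` together with `"minimum": 0` would match the commit's stated goal of a more restrictive schema. The `basic_event_name` enum also repeats the strings used in the `if` conditions of the previous hunk, so a renamed event has to be updated in both places.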
@@ -23,36 +23,22 @@ "src_ip", "dst_ip" ], + "if": { - "properties": { "flow_event_name": { "const": "update" } } + "properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } } }, "then": { "required": [ "flow_datalink", "flow_max_packets" ] }, + "if": { - "properties": { "flow_event_name": { "const": "not-detected" } } - }, - "then": { - "required": [ "ndpi" ] - }, - "if": { - "properties": { "flow_event_name": { "const": "guessed" } } - }, - "then": { - "required": [ "ndpi" ] - }, - "if": { - "properties": { "flow_event_name": { "const": "detected" } } - }, - "then": { - "required": [ "ndpi" ] - }, - "if": { - "properties": { "flow_event_name": { "const": "detection-update" } } + "properties": { "flow_event_name": { "enum": [ "guessed", "detected", + "detection-update", "not-detected" ] } } }, "then": { "required": [ "ndpi" ] }, + "properties": { "alias": { "type": "string" @@ -186,7 +172,31 @@ "maximum": 65535 }, "ndpi": { - "type": "object" + "type": "object", + "required": [ "proto", "breed" ], + + "if": { + "properties": { "proto": { "enum": [ "Unknown", "Skype_Teams" ] } } + }, + "then": { + "return": true + }, + "else": { + "required": [ "category" ] + }, + + "proto": { + "type": "string" + }, + "category": { + "type": "string" + }, + "breed": { + "type": "string" + }, + "flow_risk": { + "type": "object" + } }, "entropy": { "type": "number" diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json index 0b53ae99c..675c4fb14 100644 --- a/schema/packet_event_schema.json +++ b/schema/packet_event_schema.json 
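Review bot: In the `ndpi` subschema (hunk `@@ -186,7 +172,31 @@`), `proto`, `category`, `breed` and `flow_risk` are written as direct keywords of the schema object rather than inside `"properties"`, so a validator treats them as unknown keywords and never applies their `"type"` constraints. Moving them under `"properties": { "proto": { "type": "string" }, … }` enforces them. `"then": { "return": true }` is in the same situation: `return` is not a JSON Schema keyword, so this is an empty schema that accepts everything, and `"then": true` (or omitting `then`) states that without implying a check.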
@@ -16,15 +16,18 @@ "pkt_l4_len", "ts_msec" ], + "dependencies" : { "flow_id" : [ "flow_packet_id", "flow_last_seen", "flow_idle_time" ] }, + "if": { - "properties": { "packet_event_name": { "const": "packet-flow" } } + "properties": { "packet_event_name": { "enum": ["packet-flow"] } } }, "then": { - "required": [ "flow_id" ] + "required": [ "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ] }, + "properties": { "alias": { "type": "string" |
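Review bot: The extended `then` list repeats the three names already enforced by `"dependencies": { "flow_id": [ … ] }` a few lines above: once `flow_id` is required, that keyword requires `flow_packet_id`, `flow_last_seen` and `flow_idle_time` as well. Keeping only one of the two lists avoids them drifting apart. Separately, the `if` constrains `packet_event_name` only when the property is present; whether it is listed in `required` starts outside this hunk, so that is worth confirming.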