authorToni Uhlig <matzeton@googlemail.com>2021-02-17 14:00:10 +0100
committerToni Uhlig <matzeton@googlemail.com>2021-02-17 14:00:10 +0100
commita1805eb89195f9079105a5b256395306c42ede95 (patch)
tree7fa56a09a7a0ce4a07df8d7d550dc1e80dd60ddc /schema
parent893f43705132dfeb64dd33dc8697193f463708c0 (diff)
Added JSON schema files and a Python schema validator.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'schema')
-rw-r--r--schema/basic_event_schema.json82
-rw-r--r--schema/daemon_event_schema.json67
-rw-r--r--schema/flow_event_schema.json159
-rw-r--r--schema/packet_event_schema.json88
4 files changed, 396 insertions, 0 deletions
diff --git a/schema/basic_event_schema.json b/schema/basic_event_schema.json
new file mode 100644
index 000000000..626602ad2
--- /dev/null
+++ b/schema/basic_event_schema.json
@@ -0,0 +1,82 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "thread_id",
+ "packet_id",
+ "basic_event_id",
+ "basic_event_name"
+ ],
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number"
+ },
+ "packet_id": {
+ "type": "number"
+ },
+ "basic_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 16
+ },
+ "basic_event_name": {
+ "type": "string"
+ },
+ "datalink": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 265
+ },
+ "header": {
+ "type": "number"
+ },
+ "type": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "protocol": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "caplen": {
+ "type": "number"
+ },
+ "len": {
+ "type": "number"
+ },
+ "ip_size": {
+ "type": "number"
+ },
+ "expected": {
+ "type": "number"
+ },
+ "l4_data_len": {
+ "type": "number"
+ },
+ "header_len": {
+ "type": "number"
+ },
+ "size": {
+ "type": "number"
+ },
+ "current_active": {
+ "type": "number"
+ },
+ "current_idle": {
+ "type": "number"
+ },
+ "max_active": {
+ "type": "number"
+ }
+ },
+ "additionalProperties": false
+}
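Review bot: Every id, counter and length in this schema is declared as `"type": "number"`, which also accepts fractional values such as 1.5, and fields like `caplen`, `len`, `ip_size` and `header_len` have no lower bound, so negative lengths validate. Declaring them as `"type": "integer"` with `"minimum": 0` would reject such events at the validation boundary; the same applies to the numeric fields in daemon_event_schema.json, flow_event_schema.json and packet_event_schema.json. `thread_id` and `packet_id` are also unbounded here and in packet_event_schema.json, while the daemon and flow schemas restrict them with `"minimum": 0, "maximum": 31` and `"minimum": 1`. `basic_event_name` is the only event-name field without an `enum`, so any string passes for it.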
diff --git a/schema/daemon_event_schema.json b/schema/daemon_event_schema.json
new file mode 100644
index 000000000..020b55161
--- /dev/null
+++ b/schema/daemon_event_schema.json
@@ -0,0 +1,67 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "thread_id",
+ "packet_id",
+ "daemon_event_id",
+ "daemon_event_name"
+ ],
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 31
+ },
+ "packet_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "daemon_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 3
+ },
+ "daemon_event_name": {
+ "type": "string",
+ "enum": [
+ "invalid",
+ "init",
+ "reconnect",
+ "shutdown"
+ ]
+ },
+ "max-flows-per-thread": {
+ "type": "number"
+ },
+ "max-idle-flows-per-thread": {
+ "type": "number"
+ },
+ "tick-resolution": {
+ "type": "number"
+ },
+ "reader-thread-count": {
+ "type": "number"
+ },
+ "idle-scan-period": {
+ "type": "number"
+ },
+ "max-idle-time": {
+ "type": "number"
+ },
+ "tcp-max-post-end-flow-time": {
+ "type": "number"
+ },
+ "max-packets-per-flow-to-send": {
+ "type": "number"
+ }
+ },
+ "additionalProperties": false
+}
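Review bot: `daemon_event_id` (0–3) and `daemon_event_name` (a four-value enum) are validated independently, so an event whose id and name disagree still passes. A consumer that dispatches on one field and logs the other would then see inconsistent data that the validator accepted. A top-level `oneOf` with one branch per event could pin both fields together, for example `{ "properties": { "daemon_event_id": { "enum": [<id>] }, "daemon_event_name": { "enum": ["<name>"] } } }`; the id-to-name mapping is not visible in this hunk and has to come from the daemon source. flow_event_schema.json (`flow_event_id` / `flow_event_name`) and packet_event_schema.json (`packet_event_id` / `packet_event_name`) have the same gap.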
diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json
new file mode 100644
index 000000000..6ed7c4615
--- /dev/null
+++ b/schema/flow_event_schema.json
@@ -0,0 +1,159 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "thread_id",
+ "packet_id",
+ "flow_event_id",
+ "flow_event_name",
+ "flow_id",
+ "flow_packet_id",
+ "flow_first_seen",
+ "flow_last_seen",
+ "flow_min_l4_data_len",
+ "flow_max_l4_data_len",
+ "flow_tot_l4_data_len",
+ "flow_avg_l4_data_len",
+ "l3_proto",
+ "l4_proto",
+ "midstream",
+ "src_ip",
+ "dst_ip"
+ ],
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 31
+ },
+ "packet_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 7
+ },
+ "flow_event_name": {
+ "type": "string",
+ "enum": [
+ "invalid",
+ "new",
+ "end",
+ "idle",
+ "guessed",
+ "detected",
+ "detection-update",
+ "not-detected"
+ ]
+ },
+ "flow_datalink": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 265
+ },
+ "flow_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_packet_id": {
+ "type": "number"
+ },
+ "flow_first_seen": {
+ "type": "number"
+ },
+ "flow_last_seen": {
+ "type": "number"
+ },
+ "flow_max_packets": {
+ "type": "number"
+ },
+ "flow_min_l4_data_len": {
+ "type": "number"
+ },
+ "flow_max_l4_data_len": {
+ "type": "number"
+ },
+ "flow_tot_l4_data_len": {
+ "type": "number"
+ },
+ "flow_avg_l4_data_len": {
+ "type": "number"
+ },
+ "l3_proto": {
+ "type": "string",
+ "enum": [
+ "ip4",
+ "ip6",
+ "unknown"
+ ]
+ },
+ "l4_proto": {
+ "type": "string",
+ "oneOf": [
+ {
+ "pattern": "[0-9]+"
+ },
+ {
+ "enum": [
+ "tcp",
+ "udp",
+ "icmp",
+ "icmp6"
+ ]
+ }
+ ]
+ },
+ "midstream": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 1
+ },
+ "src_ip": {
+ "type": "string"
+ },
+ "dst_ip": {
+ "type": "string"
+ },
+ "src_port": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "dst_port": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "ndpi": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ },
+ "quic": {
+ "type": "object"
+ },
+ "http": {
+ "type": "object"
+ },
+ "smtp": {
+ "type": "object"
+ },
+ "dns": {
+ "type": "object"
+ },
+ "ssh": {
+ "type": "object"
+ }
+ },
+ "additionalProperties": false
+}
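Review bot: The `l4_proto` pattern `[0-9]+` is unanchored, and JSON Schema `pattern` matches anywhere in the string, so the listed value `icmp6` satisfies both `oneOf` branches and is rejected, because `oneOf` requires exactly one match. The same unanchored pattern accepts any string that merely contains a digit, such as `x1y`. Anchoring it as `"pattern": "^[0-9]+$"` fixes both cases. Separately, `ndpi`, `tls`, `quic`, `http`, `smtp`, `dns` and `ssh` are bare `{ "type": "object" }`, so the top-level `"additionalProperties": false` does not constrain their contents, and `src_ip` / `dst_ip` accept any string.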
diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json
new file mode 100644
index 000000000..d3f5a77d9
--- /dev/null
+++ b/schema/packet_event_schema.json
@@ -0,0 +1,88 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "thread_id",
+ "packet_id",
+ "packet_event_id",
+ "packet_event_name"
+ ],
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number"
+ },
+ "packet_id": {
+ "type": "number"
+ },
+ "packet_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 2
+ },
+ "packet_event_name": {
+ "type": "string",
+ "enum": [
+ "invalid",
+ "packet",
+ "packet-flow"
+ ]
+ },
+ "flow_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_packet_id": {
+ "type": "number"
+ },
+ "pkt_caplen": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "pkt_type": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_oversize": {
+ "type": "boolean"
+ },
+ "pkt_l3_offset": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_l4_len": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_l4_offset": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_len": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_ts_usec": {
+ "type": "number"
+ },
+ "pkt_ts_sec": {
+ "type": "number"
+ },
+ "pkt": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+}
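Review bot: `pkt` is an unconstrained string even though `pkt_caplen` and `pkt_len` are capped at 65535, so an event carrying an arbitrarily large or arbitrarily encoded `pkt` value still validates. Presumably this field holds the encoded packet bytes; if so, it would be worth bounding it, e.g. `"pkt": { "type": "string", "maxLength": <max encoded length for 65535 bytes> }`, plus a `pattern` for the encoding's alphabet. The schema also leaves `flow_id` and `flow_packet_id` optional for every event name, so a `packet-flow` event without a flow reference passes; confirm whether that is intended.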