CESNET
diff --git a/‎_developer/BSTATS.md‎
Lines changed: 45 additions & 0 deletions b/‎_developer/BSTATS.md‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎_developer/DNS-SD.md‎
Lines changed: 15 additions & 0 deletions b/‎_developer/DNS-SD.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎_developer/DNS.md‎
Lines changed: 60 additions & 0 deletions b/‎_developer/DNS.md‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎_developer/Flow Hash.md‎
Lines changed: 10 additions & 0 deletions b/‎_developer/Flow Hash.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎_developer/HTTP.md‎
Lines changed: 50 additions & 0 deletions b/‎_developer/HTTP.md‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎_developer/ICMP.md‎
Lines changed: 11 additions & 0 deletions b/‎_developer/ICMP.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎_developer/IDPContent.md‎
Lines changed: 15 additions & 0 deletions b/‎_developer/IDPContent.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎_developer/MPLS.md‎
Lines changed: 10 additions & 0 deletions b/‎_developer/MPLS.md‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎_developer/MQTT.md‎
Lines changed: 40 additions & 0 deletions b/‎_developer/MQTT.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎_developer/NTP.md‎
Lines changed: 70 additions & 0 deletions b/‎_developer/NTP.md‎
Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,45 @@
+---
+title: BSTATS
+description: List of fields exported together with basic flow fields on the interface by BSTATS plugin. The plugin is compiled to export the first BSTATS_MAXELENCOUNT (15 by default) burst in each direction. The bursts are computed separately for each direction. Burst is defined by MINIMAL_PACKETS_IN_BURST (3 by default) and by MAXIMAL_INTERPKT_TIME (1000 ms by default) between packets to be included in a burst. When the flow contains less then MINIMAL_PACKETS_IN_BURST packets, the fields are not exported to reduce output bandwidth.    
+fields: 
+  -
+    name: "SBI_BRST_PACKETS"
+    type: "uint32*"
+    ipfix: "0/291"
+    value: " 	SRC->DST: Number of packets transmitted in ith burst"
+  -
+    name: "SBI_BRST_BYTES"
+    type: "uint32*"
+    ipfix: "0/291"
+    value: " 	SRC->DST: Number of bytes transmitted in ith burst"
+  -
+    name: "SBI_BRST_TIME_START"
+    type: "time*"
+    ipfix: "0/291"
+    value: " 	SRC->DST: Start time of the ith burst"
+  -
+    name: "SBI_BRST_TIME_STOP"
+    type: "time*"
+    ipfix: "0/291"
+    value: " 	SRC->DST: End time of the ith burst"
+  -
+    name: "DBI_BRST_PACKETS"
+    type: "uint32*"
+    ipfix: "0/291"
+    value: " 	DST->SRC: Number of packets transmitted in ith burst"
+  -
+    name: "DBI_BRST_BYTES"
+    type: "uint32*"
+    ipfix: "0/291"
+    value: " 	DST->SRC: Number of bytes transmitted in ith burst"
+  -
+    name: "DBI_BRST_TIME_START"
+    type: "time*"
+    ipfix: "0/291"
+    value: " 	DST->SRC: Start time of the ith burst"
+  -
+    name: "DBI_BRST_TIME_STOP"
+    type: "time*"
+    ipfix: "0/291"
+    value: " 	DST->SRC: End time of the ith burst"
+---
@@ -0,0 +1,15 @@
+---
+title: DNS-SD
+description: List of unirec fields exported together with basic flow fields on interface by DNS-SD plugin.    
+fields: 
+  -
+    name: "DNSSD_QUERIES"
+    type: "string"
+    ipfix: "8057/826"
+    value: " 	list of queries for services"
+  -
+    name: "DNSSD_RESPONSES"
+    type: "string"
+    ipfix: "8057/827"
+    value: " 	list of advertised services"
+---
@@ -0,0 +1,60 @@
+---
+title: DNS
+description: List of unirec fields exported together with basic flow fields on interface by DNS plugin.   
+fields: 
+  - 
+    name: "DNS_ID"
+    type:  "uint16"
+    ipfix: "8057/10"
+    value:  "transaction ID"
+  - 
+    name: "DNS_ANSWERS"
+    type:   "uint16"
+    ipfix: "8057/14"
+    value:  "number of DNS answer records"
+  - 
+    name: "DNS_RCODE"
+    type:   "uint8"
+    ipfix: "8057/1"
+    value:   "response code field"
+  - 
+    name: "DNS_NAME"
+    type:  "string"
+    ipfix: "8057/2"
+    value:  "question domain name"
+  - 
+    name: "DNS_QTYPE"
+    type:   "uint16"
+    ipfix: "8057/3"
+    value:  "question type field"
+  - 
+    name: "DNS_CLASS"
+    type:   "uint16"
+    ipfix: "8057/4"
+    value:  "class field of DNS question"
+  - 
+    name: "DNS_RR_TTL"
+    type:  "uint32"
+    ipfix: "8057/5"
+    value:  "resource record TTL field"
+  - 
+    name: "DNS_RLENGTH"
+    type:   "uint16"
+    ipfix: "8057/6"
+    value:  "length of DNS_RDATA"
+  - 
+    ipfix: "8057/7"
+    name: "DNS_RDATA"
+    type:   "bytes"
+    value:   "resource record specific data"
+  - 
+    name: "DNS_PSIZE"
+    type:   "uint16"
+    ipfix: "8057/8"
+    value:  "requestor's payload size"
+  - 
+    name: "DNS_DO"
+    type:  "uint8"
+    ipfix: "8057/9"
+    value:   "DNSSEC OK bit"
+---
@@ -0,0 +1,10 @@
+---
+title: Flow Hash
+description: List of fields exported together with basic flow fields on interface by flow_hash plugin.    
+fields: 
+  -
+    name: "FLOW_ID"
+    type: "uint64"
+    ipfix: "0/148"
+    value: " 	Hash of the flow - unique flow id"
+---
@@ -0,0 +1,50 @@
+---
+title: HTTP
+description: List of unirec fields exported together with basic flow fields on interface by HTTP plugin.    
+fields: 
+  - 
+    name: "HTTP_DOMAIN"
+    type:   "string"
+    ipfix: "39499/1"
+    value: "HTTP request host"
+  - 
+    name: "HTTP_URI"
+    type:  "string"
+    ipfix: "39499/2"
+    value: "HTTP request url"
+  - 
+    name: "HTTP_USERAGENT"
+    type:  "string"
+    ipfix: "39499/20"
+    value: "HTTP request user agent"
+  - 
+    name: "HTTP_REFERER"
+    type:  "string"
+    ipfix: "39499/3"
+    value: "HTTP request referer"
+  - 
+    name: "HTTP_STATUS"
+    type:   "uint16"
+    ipfix: "39499/12"
+    value: "HTTP response code"
+  - 
+    name: "HTTP_CONTENT_TYPE"
+    type:  "string"
+    ipfix: "39499/10"
+    value: "HTTP response content type"
+  - 
+    name: "HTTP_METHOD"
+    type:  "string"
+    ipfix: "39499/200"
+    value: "HTTP request method"
+  - 
+    name: "HTTP_SERVER"
+    type:  "string"
+    ipfix: "39499/201"
+    value: "HTTP response server"
+  - 
+    name: "HTTP_SET_COOKIE_NAMES"
+    type:  "string"
+    ipfix: "39499/202"
+    value: "HTTP response all set-cookie names separated by a delimiter"
+---
@@ -0,0 +1,11 @@
+---
+title: ICMP
+description: List of fields exported together with basic flow fields on interface by icmp plugin.    
+fields: 
+  -
+    name: "L4_ICMP_TYPE_CODE"
+    type: "uint16"
+    ipfix: "0/32"
+    value: " 	ICMP type (MSB) and code (LSB)"
+
+---
@@ -0,0 +1,15 @@
+---
+title: IDPContent
+description: List of fields exported together with basic flow fields on the interface by IDPContent plugin. The plugin is compiled to export IDPCONTENT_SIZE (100 by default) bytes from the first data packet in SRC -> DST direction, and the first data packet in DST -> SRC direction.    
+fields: 
+  -
+    name: "IDP_CONTENT"
+    type: "bytes"
+    ipfix: "8057/850"
+    value: "  Content of first data packet from SRC -> DST"
+  -
+    name: "IDP_CONTENT_REV"
+    type: "bytes"
+    ipfix: "8057/851"
+    value: "  Content of first data packet from DST -> SRC"
+---
@@ -0,0 +1,10 @@
+---
+title: MPLS
+description: List of fields exported together with basic flow fields on interface by mpls plugin.    
+fields: 
+  -
+    name: "MPLS_TOP_LABEL_STACK_SECTION"
+    type: "bytes"
+    ipfix: "0/70"
+    value: " 	MPLS label section (without TTL), always 3 bytes"
+---
@@ -0,0 +1,40 @@
+---
+title: MQTT
+description: List of unirec fields exported together with basic flow fields on interface by MQTT plugin.    
+fields: 	
+  -
+    name: "MQTT_TYPE_CUMULATIVE"
+    type: "uint16"
+    ipfix: "8057/1033"
+    value: "  types of packets and session present flag cumulative"
+  -
+    name: "MQTT_VERSION"
+    type: "uint8"
+    ipfix: "8057/1034"
+    value: "  MQTT version"
+  -
+    name: "MQTT_CONNECTION_FLAGS"
+    type: "uint8"
+    ipfix: "8057/1035"
+    value: "  last CONNECT packet flags"
+  -
+    name: "MQTT_KEEP_ALIVE"
+    type: "uint16"
+    ipfix: "8057/1036"
+    value: "  last CONNECT keep alive"
+  -
+    name: "MQTT_CONNECTION_RETURN_CODE"
+    type: "uint8"
+    ipfix: "8057/1037"
+    value: "  last CONNECT return code"
+  -
+    name: "MQTT_PUBLISH_FLAGS"
+    type: "uint8"
+    ipfix: "8057/1038"
+    value: "  cumulative of PUBLISH packet flags"
+  -
+    name: "MQTT_TOPICS"
+    type: "string"
+    ipfix: "8057/1039"
+    value: "  topics from PUBLISH packets headers"
+---
@@ -0,0 +1,70 @@
+---
+title: NTP
+description: List of unirec fields exported together with basic flow fields on interface by NTP plugin.    
+fields: 
+  -
+    name: "NTP_LEAP"
+    type: "uint8"
+    ipfix: "8057/18"
+    value: " 	NTP leap field"
+  -
+    name: "NTP_VERSION"
+    type: "uint8"
+    ipfix: "8057/19"
+    value: " 	NTP message version"
+  -
+    name: "NTP_MODE"
+    type: "uint8"
+    ipfix: "8057/20"
+    value: " 	NTP mode field"
+  -
+    name: "NTP_STRATUM"
+    type: "uint8"
+    ipfix: "8057/21"
+    value: " 	NTP stratum field"
+  -
+    name: "NTP_POLL"
+    type: "uint8"
+    ipfix: "8057/22"
+    value: " 	NTP poll interval"
+  -
+    name: "NTP_PRECISION"
+    type: "uint8"
+    ipfix: "8057/23"
+    value: " 	NTP precision field"
+  -
+    name: "NTP_DELAY"
+    type: "uint32"
+    ipfix: "8057/24"
+    value: " 	NTP root delay"
+  -
+    name: "NTP_DISPERSION"
+    type: "uint32"
+    ipfix: "8057/25"
+    value: " 	NTP root dispersion"
+  -
+    name: "NTP_REF_ID"
+    type: "string"
+    ipfix: "8057/26"
+    value: " 	NTP reference ID"
+  -
+    name: "NTP_REF"
+    type: "string"
+    ipfix: "8057/27"
+    value: " 	NTP reference timestamp"
+  -
+    name: "NTP_ORIG"
+    type: "string"
+    ipfix: "8057/28"
+    value: " 	NTP origin timestamp"
+  -
+    name: "NTP_RECV"
+    type: "string"
+    ipfix: "8057/29"
+    value: " 	NTP receive timestamp"
+  -
+    name: "NTP_SENT"
+    type: "string"
+    ipfix: "8057/30"
+    value: " 	NTP transmit timestamp"
+---