++

Author: Zadamsa

new-process-api/process/ovpn/src/openvpn.hpp

@@ -27,6 +27,10 @@
 
 namespace ipxp {
 
+/**
+ * @class OpenVPNPlugin
+ * @brief A plugin for detecting OpenVPN traffic.
+ */
 class OpenVPNPlugin : public ProcessPlugin {
 public:
 

new-process-api/process/passiveDns/src/passivedns.cpp

@@ -39,14 +39,6 @@ static const PluginManifest passiveDNSPluginManifest = {
 		},
 };
 
-const inline std::vector<FieldPair<PassiveDNSFields>> fields = {
-	{PassiveDNSFields::DNS_ID, "DNS_ID"},
-	{PassiveDNSFields::DNS_ATYPE, "DNS_ATYPE"},
-	{PassiveDNSFields::DNS_NAME, "DNS_NAME"},
-	{PassiveDNSFields::DNS_RR_TTL, "DNS_RR_TTL"},
-	{PassiveDNSFields::DNS_IP, "DNS_IP"},
-};
-
 static FieldSchema createPassiveDNSSchema(FieldManager& manager, FieldHandlers<PassiveDNSFields>& handlers) noexcept
 {
 	FieldSchema schema = fieldManager.createFieldSchema("passivedns");
@@ -259,11 +251,6 @@ PluginDataMemoryLayout DNSSDPlugin::getDataMemoryLayout() const noexcept
 	};
 }
 
-std::string PassiveDNSPlugin::getName() const noexcept
-{ 
-	return passiveDNSPluginManifest.name; 
-}
-
 static const PluginRegistrar<PassiveDNSPlugin, PluginFactory<ProcessPlugin, const std::string&, FieldManager&>>
 	passiveDNSRegistrar(passiveDNSPluginManifest);
 

new-process-api/process/passiveDns/src/passivedns.hpp

@@ -1,13 +1,15 @@
 /**
  * @file
- * @brief Plugin for parsing basicplus traffic.
+ * @brief Plugin for parsing DNS responses.
  * @author Jiri Havranek <[email protected]>
  * @author Pavel Siska <[email protected]>
+ * @author Damir Zainullin <[email protected]>
  * @date 2025
  *
- * Copyright (c) 2025 CESNET
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * Provides a plugin that parses DNS A, AAAA, PTR responses,
+ * stores them in per-flow plugin data, and exposes fields via FieldManager.
+ * 
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
  */
 
 #pragma once
@@ -23,18 +25,55 @@
 
 namespace ipxp {
 
+/**
+ * @class PassiveDNSPlugin
+ * @brief A plugin for parsing DNS responses.
+ */
 class PassiveDNSPlugin : public ProcessPlugin {
 public:
+
+	/**
+	 * @brief Constructs the PassiveDNS plugin.
+	 *
+	 * @param parameters Plugin parameters as a string (currently unused).
+	 * @param fieldManager Reference to the FieldManager for field registration.
+	 */
 	PassiveDNSPlugin(const std::string& params, FieldManager& manager);
 
+	/**
+	 * @brief Initializes plugin data for a new flow.
+	 *
+	 * Removes plugin if neither source nor destination port is 53.
+	 * Constructs `PassiveDNSData` in `pluginContext`.
+	 * Tries to parse DNS if its a response and updates `PassiveDNSData` with parsed values.
+	 *
+	 * @param flowContext Contextual information about the flow to fill new record.
+	 * @param pluginContext Pointer to pre-allocated memory to create record.
+	 * @return Result of the initialization process.
+	 */
 	PluginInitResult onInit(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Updates plugin data with values from new packet.
+	 *
+	 * Parses DNS responses to fill `PassiveDNSData`.
+	 *
+	 * @param flowContext Contextual information about the flow to be updated.
+	 * @param pluginContext Pointer to `PassiveDNSData`.
+	 * @return Result of the update, may not require new packets if burst storage is full.
+	 */
 	PluginUpdateResult onUpdate(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Cleans up and destroys `PassiveDNSData`.
+	 * @param pluginContext Pointer to `PassiveDNSData`.
+	 */
 	void onDestroy(void* pluginContext) override;
 
-	std::string getName() const noexcept override;
-
+	/**
+	 * @brief Provides the memory layout of `PassiveDNSData`.
+	 * @return Memory layout description for the plugin data.
+	 */
 	PluginDataMemoryLayout getDataMemoryLayout() const noexcept override;
 
 private:

new-process-api/process/passiveDns/src/passivednsData.hpp

@@ -1,3 +1,12 @@
+/**
+ * @file
+ * @brief Export data of passive DNS plugin.
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
 #pragma once
 
 #include <boost/static_string.hpp>
@@ -8,6 +17,10 @@
 namespace ipxp
 {
 
+/**
+ * @struct PassiveDNSData
+ * @brief Struct representing passive DNS export data.
+ */
 struct PassiveDNSData {
 	DNSQueryType type;
 	uint16_t id;

new-process-api/process/passiveDns/src/passivednsFields.hpp

@@ -1,10 +1,25 @@
+/**
+ * @file
+ * @brief Export fields of bstats plugin.
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
 #pragma once
 
 #include <cstddef>
 
 namespace ipxp
 {
 
+/**
+ * @enum PassiveDNSFields
+ * @brief Enumerates the fields exported by the PassiveDNS plugin.
+ *
+ * These enum values are used to index field handlers for this plugin.
+ */
 enum class PassiveDNSFields : std::size_t {
 	DNS_ID = 0,
 	DNS_ATYPE,

new-process-api/process/phists/src/packetHistogram.cpp

@@ -1,13 +1,15 @@
 /**
  * @file
- * @brief Plugin for parsing basicplus traffic.
- * @author Jiri Havranek <havranek@cesnet.cz>
+ * @brief Plugin for parsing phists traffic.
+ * @author Karel Hynek <[email protected].cz>
  * @author Pavel Siska <[email protected]>
+ * @author Damir Zainullin <[email protected]>
  * @date 2025
  *
- * Copyright (c) 2025 CESNET
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * Provides a plugin that creates histograms based on packet sizes and inter-arrival times,
+ * stores them in per-flow plugin data, and exposes fields via FieldManager.
+ * 
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
  */
 
 #include "packetHistogram.hpp"
@@ -201,11 +203,6 @@ PluginDataMemoryLayout DNSSDPlugin::getDataMemoryLayout() const noexcept
 	};
 }
 
-std::string PacketHistogramPlugin::getName() const noexcept
-{
-	return packetHistogramPluginManifest.name;
-}
-
 static const PluginRegistrar<PacketHistogramPlugin, PluginFactory<ProcessPlugin, const std::string&, FieldManager&>>
 	packetHistogramRegistrar(packetHistogramPluginManifest);
 

new-process-api/process/phists/src/packetHistogram.hpp

@@ -1,13 +1,15 @@
 /**
  * @file
- * @brief Plugin for parsing basicplus traffic.
- * @author Jiri Havranek <havranek@cesnet.cz>
+ * @brief Plugin for parsing phists traffic.
+ * @author Karel Hynek <[email protected].cz>
  * @author Pavel Siska <[email protected]>
+ * @author Damir Zainullin <[email protected]>
  * @date 2025
  *
- * Copyright (c) 2025 CESNET
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * Provides a plugin that creates histograms based on packet sizes and inter-arrival times,
+ * stores them in per-flow plugin data, and exposes fields via FieldManager.
+ * 
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
  */
 
 #pragma once
@@ -23,26 +25,76 @@
 
 namespace ipxp {
 
+/**
+ * @class PacketHistogramPlugin
+ * @brief A plugin for collecting and exporting packet histogram statistics.
+ * 
+ * Empty packets can optionally be omitted from statistics.
+ */
 class PacketHistogramPlugin : public ProcessPlugin {
 public:
+
+	/**
+	 * @brief Constructs the PacketHistogram plugin.
+	 *
+	 * @param parameters Plugin parameters as a string (currently unused).
+	 * @param fieldManager Reference to the FieldManager for field registration.
+	 */
 	PacketHistogramPlugin(const std::string& params, FieldManager& manager);
 
+	/**
+	 * @brief Initializes plugin data for a new flow.
+	 *
+	 * Constructs `PacketHistogramData` in `pluginContext` and initializes histograms
+	 * with values from the first packet.
+	 *
+	 * @param flowContext Contextual information about the flow to fill new record.
+	 * @param pluginContext Pointer to pre-allocated memory to create record.
+	 * @return Result of the initialization process, always requires new packets.
+	 */
 	PluginInitResult onInit(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Updates plugin data with values from new packet.
+	 *
+	 * Updates histograms of `PacketHistogramData` with length and inter-arrival time.
+	 *
+	 * @param flowContext Contextual information about the flow to be updated.
+	 * @param pluginContext Pointer to `PacketHistogramData`.
+	 * @return Result of the update, always requires new packets.
+	 */
 	PluginUpdateResult onUpdate(const FlowContext& flowContext, void* pluginContext) override;
 
+	/**
+	 * @brief Prepare the export data.
+	 *
+	 * Removes record if it seems to be TCP scan.
+	 * Sets all fields as available otherwise.
+	 *
+	 * @param flowRecord The flow record containing aggregated flow data.
+	 * @param pluginContext Pointer to `PacketHistogramData`.
+	 * @return Remove plugin if it is TCP scan.
+	 */
 	PluginExportResult onExport(const FlowRecord& flowRecord, void* pluginContext) override;
 
+	/**
+	 * @brief Cleans up and destroys `PacketHistogramData`.
+	 * @param pluginContext Pointer to `PacketHistogramData`.
+	 */
 	void onDestroy(void* pluginContext) override;
 
-	std::string getName() const noexcept override;
-
+	/**
+	 * @brief Provides the memory layout of `PacketHistogramData`.
+	 * @return Memory layout description for the plugin data.
+	 */
 	PluginDataMemoryLayout getDataMemoryLayout() const noexcept override;
 
 private:
 	void updateExportData(
 		const std::size_t realPacketLength, const uint64_t packetTimestamp, const Direction direction, PacketHistogramData& pluginData) noexcept;
 
+	bool m_countEmptyPackets{false};
+
 	FieldHandlers<PacketHistogramFields> m_fieldHandlers;
 };
 

new-process-api/process/phists/src/packetHistogramData.hpp

@@ -1,3 +1,12 @@
+/**
+ * @file
+ * @brief Export data of packet histogram plugin.
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
 #pragma once
 
 #include <array>
@@ -7,14 +16,17 @@
 namespace ipxp
 {
 
+/**
+ * @struct PacketHistogramData
+ * @brief Struct representing flow packet histogram statistics based on lengths and inter-arrival times.
+ */
 struct PacketHistogramData {
     constexpr static std::size_t HISTOGRAM_SIZE = 8;
 	DirectionalField<std::array<uint32_t, HISTOGRAM_SIZE>> packetLengths;
 	DirectionalField<std::array<uint32_t, HISTOGRAM_SIZE>> packetTimediffs;
 
 	struct {
-		DirectionalField<std::optional<uint64_t>> m_lastTimestamps;
-		bool m_countEmptyPackets{false};
+		DirectionalField<std::optional<uint64_t>> lastTimestamps;
 	} processingState;
 
 };  

new-process-api/process/phists/src/packetHistogramFields.hpp

@@ -1,10 +1,25 @@
+/**
+ * @file
+ * @brief Export fields of packet histogram plugin.
+ * @author Damir Zainullin <[email protected]>
+ * @date 2025
+ *
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
+ */
+
 #pragma once
 
 #include <cstddef>
 
 namespace ipxp
 {
 
+/**
+ * @enum PacketHistogramFields
+ * @brief Enumerates the fields exported by the PacketHistogram plugin.
+ *
+ * These enum values are used to index field handlers for this plugin.
+ */
 enum class PacketHistogramFields : std::size_t {
 	S_PHISTS_SIZES = 0,
 	S_PHISTS_IPT,

new-process-api/process/pstats/src/packetStats.cpp

@@ -7,9 +7,10 @@
  * @author Damir Zainullin <[email protected]>
  * @date 2025
  *
- * Copyright (c) 2025 CESNET
- *
- * SPDX-License-Identifier: BSD-3-Clause
+ * Provides a plugin that calculates packet statistics as flags, acknowledgments, and sequences within flows,
+ * stores it in per-flow plugin data, and exposes that field via FieldManager.
+ * 
+ * @copyright Copyright (c) 2025 CESNET, z.s.p.o.
  */
 
 #include "packetStats.hpp"