++

Zainullin Damir · Zainullin Damir · commit c5b0e0fa53cd · 2025-10-03T14:06:55.000+02:00
diff --git a/src/plugins/process/basicPlus/README.md b/src/plugins/process/basicPlus/README.md
@@ -4,24 +4,24 @@ The **BasicPlus** plugin extends flow records with additional basic network info
 
 ## Features
 
-- Extends standard flow export data with additional fields.  
-- Extracts and exports key network-level fields for both directions of a flow.  
+- Extends standard flow export data with additional fields.
+- Extracts and exports key network-level fields for both directions of a flow.
 
 ## Output Fields
 
-| Field Name    | Data Type | Description |
-|---------------|-----------|-------------|
-| `IP_TTL`      | `uint8_t` | IP time-to-live (source → destination) |
-| `IP_TTL_REV`  | `uint8_t` | IP time-to-live (destination → source) |
-| `IP_FLG`      | `uint8_t` | IP flags (source → destination) |
-| `IP_FLG_REV`  | `uint8_t` | IP flags (destination → source) |
-| `TCP_WIN`     | `uint16_t`| TCP window size (source → destination) |
-| `TCP_WIN_REV` | `uint16_t`| TCP window size (destination → source) |
-| `TCP_OPT`     | `uint64_t`| TCP options (source → destination) |
-| `TCP_OPT_REV` | `uint64_t`| TCP options (destination → source) |
-| `TCP_MSS`     | `uint32_t`| TCP maximum segment size (source → destination) |
-| `TCP_MSS_REV` | `uint32_t`| TCP maximum segment size (destination → source) |
-| `TCP_SYN_SIZE`| `uint16_t`| TCP SYN packet size (only one per bidirectional flow) |
+| Field Name     | Data Type  | Description                                           |
+| -------------- | ---------- | ----------------------------------------------------- |
+| `IP_TTL`       | `uint8_t`  | IP time-to-live (source → destination)                |
+| `IP_TTL_REV`   | `uint8_t`  | IP time-to-live (destination → source)                |
+| `IP_FLG`       | `uint8_t`  | IP flags (source → destination)                       |
+| `IP_FLG_REV`   | `uint8_t`  | IP flags (destination → source)                       |
+| `TCP_WIN`      | `uint16_t` | TCP window size (source → destination)                |
+| `TCP_WIN_REV`  | `uint16_t` | TCP window size (destination → source)                |
+| `TCP_OPT`      | `uint64_t` | TCP options (source → destination)                    |
+| `TCP_OPT_REV`  | `uint64_t` | TCP options (destination → source)                    |
+| `TCP_MSS`      | `uint32_t` | TCP maximum segment size (source → destination)       |
+| `TCP_MSS_REV`  | `uint32_t` | TCP maximum segment size (destination → source)       |
+| `TCP_SYN_SIZE` | `uint16_t` | TCP SYN packet size (only one per bidirectional flow) |
 
 ## Usage
 
@@ -38,4 +38,4 @@ process_plugins:
 
 You can also enable the plugin directly from the command line:
 
-```ipfixprobe -p basicplus ...```
+`ipfixprobe -p basicplus ...`
diff --git a/src/plugins/process/bstats/README.md b/src/plugins/process/bstats/README.md
@@ -5,20 +5,20 @@ The **BurstStats Plugin** extends flow records with burst packet statistics to p
 ## Features
 
 - Consider packet to be a part of burst if it arrives within short time interval after previous packet.
-- Extracts and exports burst statistics from network flows. 
+- Extracts and exports burst statistics from network flows.
 
 ## Output Fields
 
-| Field Name      | Data Type | Description                                                 |
-|-----------------|-----------|-------------------------------------------------------------|
-| `SBI_BRST_PACKETS`| `uint32_t`  | Array of packet counts in each burst (source → destination)                  |
-| `SBI_BRST_BYTES`  | `uint32_t`  | Array of bytes in each burst (source → destination)                    |
-| `SBI_BRST_TIME_START` | `Timestamp` | Array of burst start times (source → destination)                   |
-| `SBI_BRST_TIME_STOP`  | `Timestamp` | Array of burst end times (source → destination)                     |
-| `DBI_BRST_PACKETS`| `uint32_t`  | Array of packets in each burst (destination → source)                  |
-| `DBI_BRST_BYTES`  | `uint32_t`  | Array of bytes in each burst (destination → source)                    |
-| `DBI_BRST_TIME_START` | `Timestamp` | Array of burst start times (destination → source)                   |
-| `DBI_BRST_TIME_STOP`  | `Timestamp` | Array of burst end times (destination → source)                     |
+| Field Name            | Data Type   | Description                                                 |
+| --------------------- | ----------- | ----------------------------------------------------------- |
+| `SBI_BRST_PACKETS`    | `uint32_t`  | Array of packet counts in each burst (source → destination) |
+| `SBI_BRST_BYTES`      | `uint32_t`  | Array of bytes in each burst (source → destination)         |
+| `SBI_BRST_TIME_START` | `Timestamp` | Array of burst start times (source → destination)           |
+| `SBI_BRST_TIME_STOP`  | `Timestamp` | Array of burst end times (source → destination)             |
+| `DBI_BRST_PACKETS`    | `uint32_t`  | Array of packets in each burst (destination → source)       |
+| `DBI_BRST_BYTES`      | `uint32_t`  | Array of bytes in each burst (destination → source)         |
+| `DBI_BRST_TIME_START` | `Timestamp` | Array of burst start times (destination → source)           |
+| `DBI_BRST_TIME_STOP`  | `Timestamp` | Array of burst end times (destination → source)             |
 
 ## Usage
 
@@ -35,4 +35,4 @@ process_plugins:
 
 You can also enable the plugin directly from the command line:
 
-```ipfixprobe -p bstats ...```
+`ipfixprobe -p bstats ...`
diff --git a/src/plugins/process/dns/README.md b/src/plugins/process/dns/README.md
@@ -9,19 +9,19 @@ The **DNS Plugin** extends flow records with DNS query and response information.
 
 ## Output Fields
 
-| Field Name      | Data Type | Description                                                 |
-|-----------------|-----------|----------------------------------------|
-| `DNS_ID`| `uint16_t`  | Unique identifier of the processed DNS query |
-| `DNS_ANSWERS`| `uint16_t`  | Number of answers in the processed DNS response |
-| `DNS_RCODE`| `uint8_t`  | Response code of the processed DNS response |
-| `DNS_QTYPE`| `uint16_t`  | Type of the DNS query |
-| `DNS_CLASS`| `uint16_t`  | Class of the DNS query |
-| `DNS_NAME`| `string`  | Domain name in the DNS query |
-| `DNS_RR_TTL`| `uint32_t`  | Time-to-live of the first DNS response |
-| `DNS_RLENGTH`| `uint16_t`  | Length of the first DNS response |
-| `DNS_RDATA`| `bytes`  | Data of the first DNS response |
-| `DNS_PSIZE`| `uint16_t`  | Length of the first DNS additional record from response |
-| `DNS_DO`| `uint8_t`  | DNSSEC OK flag of the first DNS additional record from response |
+| Field Name    | Data Type  | Description                                                     |
+| ------------- | ---------- | --------------------------------------------------------------- |
+| `DNS_ID`      | `uint16_t` | Unique identifier of the processed DNS query                    |
+| `DNS_ANSWERS` | `uint16_t` | Number of answers in the processed DNS response                 |
+| `DNS_RCODE`   | `uint8_t`  | Response code of the processed DNS response                     |
+| `DNS_QTYPE`   | `uint16_t` | Type of the DNS query                                           |
+| `DNS_CLASS`   | `uint16_t` | Class of the DNS query                                          |
+| `DNS_NAME`    | `string`   | Domain name in the DNS query                                    |
+| `DNS_RR_TTL`  | `uint32_t` | Time-to-live of the first DNS response                          |
+| `DNS_RLENGTH` | `uint16_t` | Length of the first DNS response                                |
+| `DNS_RDATA`   | `bytes`    | Data of the first DNS response                                  |
+| `DNS_PSIZE`   | `uint16_t` | Length of the first DNS additional record from response         |
+| `DNS_DO`      | `uint8_t`  | DNSSEC OK flag of the first DNS additional record from response |
 
 ## Usage
 
@@ -38,4 +38,4 @@ process_plugins:
 
 You can also enable the plugin directly from the command line:
 
-```ipfixprobe -p dns ...```
+`ipfixprobe -p dns ...`
diff --git a/src/plugins/process/dnssd/README.md b/src/plugins/process/dnssd/README.md
@@ -8,16 +8,17 @@ The **DNSSD Plugin** extends flow records with DNS-SD (DNS Service Discovery) qu
 
 ## Parameters
 
-| Long name | Short name | Type   | Default | Description                                                 |
-|-----------|------------|--------|---------|-------------------------------------------------------------|
-| `txt`     | `t`       | `Path to file`   | **Disabled** | If no file provided, processes all DNSSD TXT records. If a file is provided, only processes TXT records listed in the file. Whitelist format is `service.domain,txt_key1,txt_key2,...` |
+| Long name                                                                                                                        | Short name | Type           | Default      | Description                                           |
+| -------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------------- | ------------ | ----------------------------------------------------- |
+| `txt`                                                                                                                            | `t`        | `Path to file` | **Disabled** | If no file provided, processes all DNSSD TXT records. |
+| If a file is provided, only processes TXT records listed in the file. Whitelist format is `service.domain,txt_key1,txt_key2,...` |
 
 ## Output Fields
 
-| Field Name      | Data Type | Description                                                 |
-|-----------------|-----------|----------------------------------------|
-| `DNSSD_QUERIES`| `string`  | Concatenated list of requested services | 
-| `DNSSD_RESPONSES`| `string`  | Concatenated list of processed DNS responses: name, src port, cpu, operating system, TXT record content |
+| Field Name        | Data Type | Description                                                                                             |
+| ----------------- | --------- | ------------------------------------------------------------------------------------------------------- |
+| `DNSSD_QUERIES`   | `string`  | Concatenated list of requested services                                                                 |
+| `DNSSD_RESPONSES` | `string`  | Concatenated list of processed DNS responses: name, src port, cpu, operating system, TXT record content |
 
 ## Usage
 
@@ -34,6 +35,6 @@ process_plugins:
 
 You can also enable the plugin directly from the command line:
 
-```ipfixprobe -p dnssd ...```
-```ipfixprobe -p "dnssd;txt" ...```
-```ipfixprobe -p "dnssd;txt=<path_to_file>" ...```
+`ipfixprobe -p dnssd ...`
+`ipfixprobe -p "dnssd;txt" ...`
+`ipfixprobe -p "dnssd;txt=<path_to_file>" ...`
diff --git a/src/plugins/process/nettisa/README.md b/src/plugins/process/nettisa/README.md
@@ -8,21 +8,21 @@ This plugin analyzes network data as time series, enabling more comprehensive an
 
 ## Output Fields
 
-| Field Name      | Data Type | Description                                                 |
-|-----------------|-----------|----------------------------------------|
-| `NTS_MEAN`     | `float` | Mean packet length over the flow duration.                  |
-| `NTS_MIN`      | `uint16_t` | Minimum packet length over the flow duration.               |
-| `NTS_MAX`      | `uint16_t` | Maximum packet length over the flow duration.               |
-| `NTS_STDEV`    | `float` | Standard deviation of packet lengths over the flow duration.    |
-| `NTS_KURTOSIS` | `float` | Kurtosis of packet lengths over the flow duration.           |
-| `NTS_ROOT_MEAN_SQUARE` | `float` | Root mean square of packet lengths over the flow duration.        |
-| `NTS_AVERAGE_DISPERSION` | `float` | Average dispersion of packet lengths over the flow duration.      |
-| `NTS_MEAN_SCALED_TIME` | `float` | Mean of packet lengths scaled by time over the flow duration.    |
-| `NTS_MEAN_DIFFTIMES` | `float` | Mean of time differences between packets over the flow duration. |
-| `NTS_MIN_DIFFTIMES` | `float` | Minimum of time differences between packets over the flow duration.  |
-| `NTS_MAX_DIFFTIMES` | `float` | Maximum of time differences between packets over the flow duration.  |
-| `NTS_TIME_DISTRIBUTION` | `float` | Sum of deviations from mean interpacket arrival times.         |
-| `NTS_SWITCHING_RATIO` | `float` | Ratio of packets when payload length changed in comparison to previous packet.            |
+| Field Name               | Data Type  | Description                                                                    |
+| ------------------------ | ---------- | ------------------------------------------------------------------------------ |
+| `NTS_MEAN`               | `float`    | Mean packet length over the flow duration.                                     |
+| `NTS_MIN`                | `uint16_t` | Minimum packet length over the flow duration.                                  |
+| `NTS_MAX`                | `uint16_t` | Maximum packet length over the flow duration.                                  |
+| `NTS_STDEV`              | `float`    | Standard deviation of packet lengths over the flow duration.                   |
+| `NTS_KURTOSIS`           | `float`    | Kurtosis of packet lengths over the flow duration.                             |
+| `NTS_ROOT_MEAN_SQUARE`   | `float`    | Root mean square of packet lengths over the flow duration.                     |
+| `NTS_AVERAGE_DISPERSION` | `float`    | Average dispersion of packet lengths over the flow duration.                   |
+| `NTS_MEAN_SCALED_TIME`   | `float`    | Mean of packet lengths scaled by time over the flow duration.                  |
+| `NTS_MEAN_DIFFTIMES`     | `float`    | Mean of time differences between packets over the flow duration.               |
+| `NTS_MIN_DIFFTIMES`      | `float`    | Minimum of time differences between packets over the flow duration.            |
+| `NTS_MAX_DIFFTIMES`      | `float`    | Maximum of time differences between packets over the flow duration.            |
+| `NTS_TIME_DISTRIBUTION`  | `float`    | Sum of deviations from mean interpacket arrival times.                         |
+| `NTS_SWITCHING_RATIO`    | `float`    | Ratio of packets when payload length changed in comparison to previous packet. |
 
 ## Usage
 
@@ -32,12 +32,11 @@ Add the plugin to your ipfixprobe YAML configuration:
 
 ```yaml
 process_plugins:
-  - nettisa 
+  - nettisa
 ```
 
 ### CLI Usage
 
 You can also enable the plugin directly from the command line:
 
-```ipfixprobe -p nettisa ...```
-
+`ipfixprobe -p nettisa ...`
