Format.md (+2 -2)
@@ -45,9 +45,9 @@ Example:
45
45
In more detail, the JSON format consists of a bracketed sequence of records in braces. Each record has the following fields:
46
46
47
47
* The "Event" field specifies what kind of event is being reported. This field can take on the following values: "new" for newly seen connections, "change" when the connection's identifying parameters such as port numbers of QUIC connection identifiers change, "delete" for connections deleted, "spinflip" for a flip of the QUIC spin bit in a connection, "spin" for any value of a spin bit in a QUIC connection, "measurement" for new RTT measurements, and "ecnce" for ECN-related events.
48
-
* The "Type" field specifies the type of a connection. This field can take on the following basic values: "UDP", "TCP", "QUIC", "DNS", "COAP", and "ICMP". In addition, it is possible to specify aggregate connections; these take on the following types: "HOSTS" for a host-to-host aggregate, "H2NET" for a host-to-network aggregate, "NET2NET" for a network-to-network aggregate, and "MCAST" for a multicast group aggregate.
48
+
* The "Type" field specifies the type of a connection. This field can take on the following basic values: "UDP", "TCP", "QUIC", "DNS", "COAP", "ICMP" and "SCTP". In addition, it is possible to specify aggregate connections; these take on the following types: "HOSTS" for a host-to-host aggregate, "H2NET" for a host-to-network aggregate, "NET2NET" for a network-to-network aggregate, and "MCAST" for a multicast group aggregate.
49
49
* The "Addrs" field specifies addresses associated with the connection or aggregate.
50
-
* The "Session" field specifies the session identifiers associated with the connection, if any. For TCP and UDP connections these are the port numbers, for QUIC the connection IDs, and for ICMP the identifier field.
50
+
* The "Session" field specifies the session identifiers associated with the connection, if any. For TCP and UDP connections these are the port numbers, for QUIC the connection IDs, for ICMP the identifier field and for SCTP the verification tags and the port numbers.
51
51
* The "Ts" is the timestamp, number of microseconds since the start of January 1, 1970. Note that the number is represented as an integer, given that the 53 bits of integer precision in JSON integers is sufficient. About 20 bits are needed for the microseconds part, which leaves 43 bits for the integer seconds parts; enough until year 280892.
52
52
* The "State" field is the state of the connection, either "Starting", "Up", "Closing", or "Closed".
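Review bot: The SCTP clause added to the "Session" bullet names two kinds of identifier ("the verification tags and the port numbers") but does not say in what order or with what separator they appear in the field, so a consumer of the JSON cannot parse an SCTP record from this description alone. Please spell out the layout, ideally with an SCTP record added to the Example that precedes this list. Two smaller points while the lines are open: the "Type" list now ends with "ICMP" and "SCTP" without the serial comma that the aggregate list in the same bullet uses, and the "Event" bullet in the context still reads "port numbers of QUIC connection identifiers" where "or" is meant.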
Library.md (+3 -3)
@@ -37,7 +37,7 @@ Finally, you need to clean up the resources used by the analyzer. Like this:
37
37
38
38
spindump_analyze_uninitialize(analyzer);
39
39
40
-
That's the basic usage of the analyzer, using the built-in functions of looking at TCP, QUIC, ICMP, UDP, and DNS connections and their roundtrips.
40
+
That's the basic usage of the analyzer, using the built-in functions of looking at TCP, QUIC, ICMP, UDP, DNS, and SCTP connections and their roundtrips.
41
41
42
42
The software does not communicate the results in any fashion at this point; any use of the collected information about connections would be up to the program that calls the analyzer; the information is merely collected in an in-memory data structure about current connections. A simple use of the collected information would be to store the data for later statistical analysis, or to summarize in in some fashion, e.g., by looking at average round-trip times to popular destinations.
43
43
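Review bot: The protocol list in the changed sentence ("TCP, QUIC, ICMP, UDP, DNS, and SCTP") leaves out COAP, which the README line changed in this same commit lists as supported. If the analyzer's built-in handling covers COAP, add it here so the two documents agree; if it does not, say so. The following context paragraph also has a doubled word, "summarize in in some fashion", that could be fixed in the same edit.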
@@ -77,7 +77,7 @@ But in the end, when a handler has been registered, if the noted event occurs th
77
77
78
78
In the first part of the code above, a handler is registered to be called upon seeing a new RTT measurement being registered. The second part of the code is the implementation of that handler function. In this case, once a measurement has been made, the function "myhandler" is called. The packet that triggered the event (if any) is given by "packet" and the connection it is associated with is "connection". For the connection delete events (as they can come due to timeouts), the packet structure is otherwise empty except for the timestamp (packet->timestamp) of the deletion.
79
79
80
-
All RTT measurements and other data that may be useful is stored in the connection object. See spindump_connections_struct.h for more information. For instance, the type of the connection (TCP, UDP, QUIC, DNS, ICMP) can be determined by looking at the connection->type field.
80
+
All RTT measurements and other data that may be useful is stored in the connection object. See spindump_connections_struct.h for more information. For instance, the type of the connection (TCP, UDP, QUIC, DNS, ICMP, SCTP) can be determined by looking at the connection->type field.
81
81
82
82
The RTT data can be accessed also via the connection object. For instance, in the above "myhandler" function one could print an RTT measurement as follows:
83
83
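Review bot: The parenthetical in the changed line, "(TCP, UDP, QUIC, DNS, ICMP, SCTP)", is a hand-maintained enumeration that this commit had to touch in several files, and it is still not the same set that Format.md gives for "Type". Since the sentence before it already points at spindump_connections_struct.h, consider giving one or two examples here and referring to the header for the full set of connection->type values, so the text does not need editing each time a protocol is added.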
@@ -120,7 +120,7 @@ See the API functions in the [Analyzer API definition](https://github.com/Ericss
120
120
121
121
This object represents a single connection observed by the analyzer. The full description of that object needs to be added later, but here are some of the key fields that are relevant:
122
122
123
-
* connection->type indicates the type of the connection (TCP, ICMP, QUIC, etc)
123
+
* connection->type indicates the type of the connection (TCP, ICMP, QUIC, SCTP, etc)
124
124
* connection->creationTime indicates when the first packet for the connection was seen
125
125
* connection->packetsFromSide1 counts the number of packets sent from the initiator to the responder
126
126
* connection->packetsFromSide2 counts the number of packets sent from the initiator to the initiator
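Review bot: The last bullet of this list, in the unchanged context, says connection->packetsFromSide2 "counts the number of packets sent from the initiator to the initiator". Set beside the packetsFromSide1 bullet, that looks like a copy error for "from the responder to the initiator". It is not part of this change, but the list is being edited anyway and the field descriptions are what a library user reads to interpret the counters, so it is worth correcting here.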
README.md (+1 -1)
@@ -4,7 +4,7 @@
4
4
5
5
The "Spindump" tool is a Unix command-line utility that can be used for latency monitoring in traffic passing through an interface. The tool performs passive, in-network monitoring. It is not a tool to monitor traffic content or metadata of individual connections, and indeed that is not possible in the Internet as most connections are encrypted.
6
6
7
-
The tool looks at the characteristics of transport protocols, such as the QUIC Spin Bit, and attempts to derive information about round-trip times for individual connections or for the aggregate or average values. The tool supports TCP, QUIC, COAP, DNS, and ICMP traffic. There's also an easy way to anonymize connection information so that the resulting statistics cannot be used to infer anything about specific connections or users.
7
+
The tool looks at the characteristics of transport protocols, such as the QUIC Spin Bit, and attempts to derive information about round-trip times for individual connections or for the aggregate or average values. The tool supports TCP, QUIC, COAP, DNS, ICMP, and SCTP traffic. There's also an easy way to anonymize connection information so that the resulting statistics cannot be used to infer anything about specific connections or users.
8
8
9
9
The software is under development, and subject to research on best algorithms.
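Review bot: The changed paragraph adds SCTP to the supported protocols and keeps the claim that anonymized output "cannot be used to infer anything about specific connections or users", but the Format.md change in this commit says SCTP records carry verification tags and port numbers in the "Session" field. Please confirm that the anonymization path treats these SCTP session identifiers the same way as the existing ones, and state that in the README or in Format.md, since the privacy claim now has to hold for a new identifier type.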
doc/api/analyzer.md (+1 -1)
@@ -167,7 +167,7 @@ Called when there's an ECN congestion event from the responder (server) of a con
167
167
168
168
The library allocates memory as needed using malloc and free, and upon calling the analyzer uninitialization function, no allocated memory remains.
169
169
170
-
Some of the allocation sizes can be changed in the relevant header files or through -D flag settings in the makefiles. For instance, the default number of sequence numbers stored for tracking TCP ACKs and COAP requests is 50, as defined in src/spindump_seq.h:
170
+
Some of the allocation sizes can be changed in the relevant header files or through -D flag settings in the makefiles. For instance, the default number of sequence numbers stored for tracking TCP ACKs, SCTP SACKs and COAP requests is 50, as defined in src/spindump_seq.h:
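Review bot: The changed sentence now applies the single default of 50 to "TCP ACKs, SCTP SACKs and COAP requests", but it does not say whether SCTP tracking uses the same setting in src/spindump_seq.h as TCP and COAP or has one of its own. Someone tuning memory use through -D flags needs to know which definition governs SCTP, so please name it or state explicitly that the one value is shared. The list also drops the serial comma before "and COAP requests", unlike the other lists edited in this commit.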
doc/api/connection.md (+1 -1)
@@ -8,7 +8,7 @@ The detailed data structure is as follows:
8
8
9
9
This object represents a single connection observed by the analyzer. The full description of that object needs to be added later, but here are some of the key fields that are relevant:
10
10
11
-
* connection->type indicates the type of the connection (TCP, ICMP, QUIC, etc)
11
+
* connection->type indicates the type of the connection (TCP, ICMP, QUIC, SCTP, etc)
12
12
* connection->creationTime indicates when the first packet for the connection was seen
13
13
* connection->packetsFromSide1 counts the number of packets sent from the initiator to the responder
14
14
* connection->packetsFromSide2 counts the number of packets sent from the initiator to the initiator
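Review bot: This paragraph and field list are a word-for-word copy of the block changed in Library.md at line 123, which is why the same one-word edit appears twice in this commit and why the packetsFromSide2 wording ("from the initiator to the initiator") is wrong in both places. Consider keeping the field descriptions only in doc/api/connection.md and having Library.md link to it, so later protocol additions and corrections are made once.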