Diffstat (limited to 'log-stream/schema/proxy_event.json')
-rw-r--r--log-stream/schema/proxy_event.json1543
1 files changed, 1543 insertions, 0 deletions
diff --git a/log-stream/schema/proxy_event.json b/log-stream/schema/proxy_event.json
new file mode 100644
index 0000000..b151d6c
--- /dev/null
+++ b/log-stream/schema/proxy_event.json
@@ -0,0 +1,1543 @@
+{
+ "type": "record",
+ "name": "proxy_event",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_policy_id",
+ "common_sub_action",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "doh_host",
+ "doh_qname"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_sessions",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "doh_host",
+ "doh_qname"
+ ],
+ "filters": [
+ "common_policy_id",
+ "common_sub_action",
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_l4_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_asn",
+ "common_server_asn",
+ "common_direction",
+ "common_schema_type",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "http_request_content_type",
+ "http_response_content_type",
+ "doh_host",
+ "doh_qname"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ },
+ "details": {
+ "general": [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "action": [
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ],
+ "source": [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination": [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application": [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission": [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other": [
+ "common_address_type",
+ "common_schema_type",
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file"
+ ]
+ }
+ },
+ "schema_type": {
+ "HTTP": {
+ "$ref": "public_schema_info.json#/schema_type/HTTP"
+ },
+ "DoH": {
+ "$ref": "public_schema_info.json#/schema_type/DoH"
+ }
+ },
+ "default_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_policy_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_sub_action",
+ "common_schema_type"
+ ],
+ "internal_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_packet_capture_file",
+ "http_request_body",
+ "http_response_body"
+ ],
+ "tunnel_type": {
+ "$ref": "public_schema_info.json#/tunnel_type"
+ }
+ },
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "doc": {
+ "format": {
+ "functions": "snowflake_id"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "type": "long"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string"
+ },
+ {
+ "name": "common_imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "common_imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "common_phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn,radius_match",
+ "appendTo": "common_client_asn,common_subscriber_id"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "4",
+ "value": "ipv4"
+ },
+ {
+ "code": "6",
+ "value": "ipv6"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn",
+ "appendTo": "common_server_asn"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "None"
+ },
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "48",
+ "value": "Manipulation"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "69",
+ "value": "outbound"
+ },
+ {
+ "code": "73",
+ "value": "inbound"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "doc": {
+ "visibility": "disabled",
+ "format": {
+ "functions": "set_value",
+ "param": "1"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_diff",
+ "label": "Packets Sent(Diff)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_diff",
+ "label": "Packets Received(Diff)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent(Diff)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received(Diff)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "HTTP",
+ "value": "HTTP"
+ },
+ {
+ "code": "DoH",
+ "value": "DoH"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ },
+ {
+ "code": "edit_element",
+ "value": "Edit Element"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define APP Name",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "visibility": "disabled",
+ "constraints": {
+ "operator_functions": "has"
+ },
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ }
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "get_value",
+ "appendTo": "common_recv_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "visibility": "disabled",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unorder Packets(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unorder Packets(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "label": "Packet Retransmission(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "label": "Packet Retransmission(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "label": "Byte Retransmission(c2s)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "label": "Byte Retransmission(s2c)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "ingestion_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "type": "long",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "type": "long",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "http_url",
+ "label": "HTTP.URL",
+ "type": "string"
+ },
+ {
+ "name": "http_host",
+ "label": "HTTP.Host",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_domain",
+ "label": "HTTP.Domain",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_line",
+ "label": "HTTP.Request Line",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_line",
+ "label": "HTTP.Response Line",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_header",
+ "label": "HTTP.Request Header",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_header",
+ "label": "HTTP.Response Header",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content",
+ "label": "HTTP.Request Content",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_length",
+ "label": "HTTP.Request Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_type",
+ "label": "HTTP.Request Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content",
+ "label": "HTTP.Response Content",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_length",
+ "label": "HTTP.Response Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_type",
+ "label": "HTTP.Response Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_request_body",
+ "label": "HTTP.Request Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body",
+ "label": "HTTP.Response Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_body_key",
+ "label": "HTTP.Request Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body_key",
+ "label": "HTTP.Response Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_proxy_flag",
+ "label": "HTTP.Proxy Flag",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_sequence",
+ "label": "HTTP.Sequence",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_snapshot",
+ "label": "HTTP.Snapshot",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_cookie",
+ "label": "HTTP.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_referer",
+ "label": "HTTP.Referer",
+ "type": "string"
+ },
+ {
+ "name": "http_user_agent",
+ "label": "HTTP.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "http_content_length",
+ "label": "HTTP.Content Length",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_content_type",
+ "label": "HTTP.Content Type",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_set_cookie",
+ "label": "HTTP.Set Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_version",
+ "label": "HTTP.Version",
+ "type": "string"
+ },
+ {
+ "name": "http_response_latency_ms",
+ "label": "HTTP.Response Latency(ms)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "http_session_duration_ms",
+ "label": "HTTP.Session Duration(ms)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "http_action_file_size",
+ "label": "HTTP.Action File Size",
+ "type": "int"
+ },
+ {
+ "name": "doh_url",
+ "label": "DoH.URL",
+ "type": "string"
+ },
+ {
+ "name": "doh_host",
+ "label": "DoH.Host",
+ "type": "string"
+ },
+ {
+ "name": "doh_request_line",
+ "label": "DoH.Request Line",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "doh_response_line",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "label": "DoH.Response Line",
+ "type": "string"
+ },
+ {
+ "name": "doh_cookie",
+ "label": "DoH.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "doh_referer",
+ "label": "DoH.Referer",
+ "type": "string"
+ },
+ {
+ "name": "doh_user_agent",
+ "label": "DoH.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "doh_content_length",
+ "label": "DoH.Content Length",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "doh_content_type",
+ "label": "DoH.Content Type",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "doh_set_cookie",
+ "label": "DoH.Set Cookie",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "doh_version",
+ "label": "DoH.Version",
+ "type": "string"
+ },
+ {
+ "name": "doh_message_id",
+ "label": "DoH.Message ID",
+ "type": "int"
+ },
+ {
+ "name": "doh_qr",
+ "label": "DoH.QR",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "REESPONSE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "doh_opcode",
+ "label": "DoH.OPCODE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "IQUERY"
+ },
+ {
+ "code": "2",
+ "value": "STATUS"
+ },
+ {
+ "code": "5",
+ "value": "UPDATE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "doh_aa",
+ "label": "DoH.AA",
+ "type": "int"
+ },
+ {
+ "name": "doh_tc",
+ "label": "DoH.TC",
+ "type": "int"
+ },
+ {
+ "name": "doh_rd",
+ "label": "DoH.RD",
+ "type": "int"
+ },
+ {
+ "name": "doh_ra",
+ "label": "DoH.RA",
+ "type": "int"
+ },
+ {
+ "name": "doh_rcode",
+ "label": "DoH.RCODE",
+ "type": "int"
+ },
+ {
+ "name": "doh_qdcount",
+ "label": "DoH.QDCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "doh_ancount",
+ "label": "DoH.ANCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "doh_nscount",
+ "label": "DoH.NSCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "doh_arcount",
+ "label": "DoH.ARCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "doh_qname",
+ "label": "DoH.QNAME",
+ "type": "string"
+ },
+ {
+ "name": "doh_qtype",
+ "label": "DoH.QTYPE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "A"
+ },
+ {
+ "code": "2",
+ "value": "NS"
+ },
+ {
+ "code": "5",
+ "value": "CNAME"
+ },
+ {
+ "code": "6",
+ "value": "SOA"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "12",
+ "value": "PTR"
+ },
+ {
+ "code": "13",
+ "value": "HINFO"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "15",
+ "value": "MX"
+ },
+ {
+ "code": "28",
+ "value": "AAAA"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "doh_qclass",
+ "label": "DoH.QCLASS",
+ "type": "int"
+ },
+ {
+ "name": "doh_cname",
+ "label": "DoH.CNAME",
+ "type": "string"
+ },
+ {
+ "name": "doh_sub",
+ "label": "DoH.SUB",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "DNS"
+ },
+ {
+ "code": "2",
+ "value": "DNSSEC"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "doh_rr",
+ "label": "DoH.RR",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
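Review bot: `http_cookie` is listed under `dimensions`, `metrics` and `filters` in `schema_query`, and its field entry, like those of `http_set_cookie` and `doh_cookie`, carries no `"visibility": "disabled"`. Cookie and Set-Cookie values usually hold session tokens, so this presumably makes them searchable and groupable by every user who can query this log. `doh_set_cookie` is already disabled, which suggests the difference is unintended. I would remove `"http_cookie"` from the three lists and add `"doc": { "visibility": "disabled" }` to the cookie fields; since this file does not define what `visibility` enforces, confirm it restricts access rather than only hiding a column, and otherwise redact or hash the values at ingestion. Separately, two DoH enum entries look wrong: `doh_qr` code `"1"` reads `"REESPONSE"` instead of `"RESPONSE"`, and `doh_qtype` lists `"code": "11", "value": "WKS"` twice, the second sitting between 13 and 15 where 14 (`MINFO`) was presumably meant.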