Merge branch 'master' of github.com:D4-project/architecture

2019-03-29 09:49:36 +01:00 · 2019-03-29 09:49:36 +01:00 · 7cad8f82a6
parent fbe33c637a fa4411fe4d
commit 7cad8f82a6
4 changed files with 119 additions and 1 deletions
--- a/docs/workshop/0-introduction/d4-introduction.tex
+++ b/docs/workshop/0-introduction/d4-introduction.tex
@ -175,7 +175,7 @@ After the stream is processed depending of the type using dedicated worker.
 \begin{frame}
        \frametitle{D4 server - type 254 worker handler}
        \begin{itemize}
-        \item Worker 2
+          \item Worker custom type (called Worker 2)
                \begin{itemize}
                \item Get type 2 data from a stream
    		        \item Reconstruct Json
@ -189,6 +189,11 @@ After the stream is processed depending of the type using dedicated worker.
        \end{itemize}
 \end{frame}

+\begin{frame}
+        \frametitle{D4 server - type 254 - implementation}
+        \includegraphics[scale=0.3]{d4-worker-2.png}
+\end{frame}
+
 \begin{frame}
        \frametitle{D4 server - management interface}
 The D4 server provides a web interface to manage D4 sensors, sessions and analyzer.
--- a/docs/workshop/0-introduction/d4-worker-2.png
+++ b/docs/workshop/0-introduction/d4-worker-2.png
--- a/docs/workshop/4-passive-dns/d4-introduction.pdf
+++ b/docs/workshop/4-passive-dns/d4-introduction.pdf
--- a/docs/workshop/4-passive-dns/d4-introduction.tex
+++ b/docs/workshop/4-passive-dns/d4-introduction.tex
@ -58,6 +58,119 @@
        \includegraphics[scale=0.38]{d4-overview.pdf}
 \end{frame}

+
+\begin{frame}[t]{Common Output Format}
+\begin{itemize}
+\item {\bf Consistent naming of fields across Passive DNS software} based on the most common Passive DNS implementations
+\item Minimal set of fields to be supported
+\item Minimal set of optional fields to be supported
+\item Way to add "additional" fields via a simple registry mechanism (IANA-like)
+\item Simple and easily parsable format
+\item A gentle reminder regarding privacy aspects of Passive DNS
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t,fragile]{Sample output www.terena.org}
+\lstdefinelanguage{JavaScript}{
+  keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+  keywordstyle=\color{blue}\bfseries,
+  ndkeywords={class, export, boolean, throw, implements, import, this},
+  ndkeywordstyle=\color{darkgray}\bfseries,
+  identifierstyle=\color{black},
+  sensitive=false,
+  comment=[l]{//},
+  morecomment=[s]{/*}{*/},
+  commentstyle=\color{purple}\ttfamily,
+  stringstyle=\color{red}\ttfamily,
+  morestring=[b]',
+  morestring=[b]"
+}
+
+\lstset{
+   language=JavaScript,
+   backgroundcolor=\color{lightgray},
+   extendedchars=true,
+   basicstyle=\footnotesize\ttfamily,
+   showstringspaces=false,
+   showspaces=false,
+   numbers=left,
+   numberstyle=\footnotesize,
+   numbersep=9pt,
+   tabsize=2,
+   breaklines=true,
+   showtabs=false,
+   captionpos=b
+}
+\lstset{breaklines=true, language=JavaScript}
+\begin{lstlisting}
+{"count": 868, "time_first": 1298398002, "rrtype": "A", "rrname": "www.terena.org", "rdata": "192.87.30.6", "time_last": 1383124252}
+{"count": 89, "time_first": 1383729690, "rrtype": "CNAME", "rrname": "www.terena.org", "rdata": "godzilla.terena.org", "time_last": 1391517643}
+{"count": 110, "time_first": 1298398002, "rrtype": "AAAA", "rrname": "www.terena.org", "rdata": "2001:610:148:dead::6", "time_last": 136670845}
+\end{lstlisting}
+\end{frame}
+
+
+\begin{frame}[t]{Mandatory fields}
+\begin{itemize}
+\item \textbf{rrname} : name of the queried resource records
+\begin{itemize}
+\item JSON String
+\end{itemize}
+\item \textbf{rrtype} : resource record type
+\begin{itemize}
+\item JSON String (interpreted type of resource type if known)
+\end{itemize}
+\item \textbf{rdata} : resource records of the query(ied) resource(s)
+\begin{itemize}
+\item JSON String or an array of string if more than one unique triple
+\end{itemize}
+\item \textbf{time\_first} : first time that the resource record triple (rrname, rrtype, rdata) was seen
+\item \textbf{time\_last} : last time that the resource record triple (rrname, rrtype, rdata) was seen
+\begin{itemize}
+\item JSON Number (epoch value) UTC TZ
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Optional fields}
+\begin{itemize}
+\item \textbf{count} : how many authoritative DNS answers were received by the Passive DNS collector
+\begin{itemize}
+\item JSON Number
+\end{itemize}
+\item \textbf{bailiwick} : closest enclosing zone delegated to a nameserver served in the zone of the resource records
+\begin{itemize}
+\item JSON String
+\end{itemize}
+
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Additionals fields}
+\begin{itemize}
+\item \textbf{sensor\_id} : Passive DNS sensor information
+\begin{itemize}
+\item JSON String
+\end{itemize}
+\item \textbf{zone\_time\_first} : specific first/last time seen when imported from a master file
+\item \textbf{zone\_time\_last}
+\begin{itemize}
+\item JSON Number
+\end{itemize}
+\item Additional fields can be requested via \url{https://github.com/adulau/pdns-qof/wiki/Additional-Fields}
+\end{itemize}
+\end{frame}
+
+\begin{frame}[t]{Future}
+\begin{itemize}
+        \item {\bf Mixing models for passive DNS stream} (for privacy) in next version of D4 core server
+        \item Interconnecting private D4 sensor networks with other D4 sensor networks (sharing to partners filtered stream)
+        \item Previewing dataset collected in D4 sensor network and providing {\bf open data stream} (if contributor agrees to share under specific conditions)
+\end{itemize}
+
+\end{frame}
+
+
 \begin{frame}
 \frametitle{Get in touch if you want to join/support the project, host a passive dns sensor or contribute}
 \begin{itemize}