authorLaurent Ghigonis <laurent@p1sec.com>2013-09-12 02:25:54 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-09-12 02:25:54 +0200
commit9707503d19b87d56527ebaa5bf84fc75f4689161 (patch)
tree717fbc78cfa987eb8e0dcc89283d211344c3b3c9
parentlibglouglou: fix tests linkage (diff)
WIP
-rw-r--r--doc/architecture.txt160
-rw-r--r--doc/ressources.txt21
2 files changed, 173 insertions, 8 deletions
diff --git a/doc/architecture.txt b/doc/architecture.txt
index bda94d3..acc1a40 100644
--- a/doc/architecture.txt
+++ b/doc/architecture.txt
@@ -12,6 +12,7 @@ modular
* multiple rendering modes = not only graphstream for viz
If modularisation is too hard, do v3 on network viz only
+* modular = nice design
see also "XXX IN PROGRESS"
@@ -20,7 +21,8 @@ see also "XXX IN PROGRESS"
PRESENTATION
===============================================================================
-Modular framework for reporting and visualising real-time computer events
+Program for reporting and visualising real-time computer events.
+For example:
* network traffic
* process activity
@@ -145,25 +147,134 @@ VIZ CLIENT
===============================================================================
-GLOUGLOU MODULE (XXX IN PROGRESS)
+GLOUGLOU NEW MODULAR ARCHITECTURE (XXX IN PROGRESS)
===============================================================================
-Probe
-* capture method
+Probe [code]
+* capture events
+* send events
* glouglou protocol module ID
+Network capture probe plugins
+* callback for pcap fd event
+* additional glouglou protocol module ID
-Processing server
+^
+| report with glouglou protocol
+v
+
+Processing server [code]
+*
* glouglou protocol module ID
* redis db representation
* to viz client: depends on module ID and client configuration
* per client internal representation
* communication protocol to client
-Viz client
-* depends on module ID and client configuration
+^
+| publish with dedicated viz/data protocol [spec]
+v
+
+Viz client - visualise events [spec]
+* different layouts, depends on module ID and client configuration
* communication protocol from processing server
* rendering method
+Module structure
+================
+
+= NEW NEW
+
+== gg_net_probe.[c,sh,py]
+* main()
+probe_callbacks->cb_event = cb_event;
+gg = gg_probe_connect(server_ip, server_port, probe_callbacks)
+gg_probe_send(gg, packet
+* cb_event(struct gg)
+gg_probe_send()
+
+== gg_net_probe_mod_ss7.[c,sh,py]
+* struct gg_net_probe_mod_conf
+* cb_pcap(int fd)
+ /* test ss7 layer */
+ /* send MODULE_NETWORK_SS7 glouglou packets */
+
+== glougloud.c
+* main()
+ fork
+
+== glougloud_mod_net.[c,sh,py]
+* cb_probes(struct gg_event)
+ module ID
+ redis_write()
+ pipe_write()
+* cb_redis(struct redis_notification)
+ gs-netstream_send() / json_send() /* depends on client conf and Viz client protocol */
+* cb_vizcli_config_change(struct myconfig)
+ update_client_conf()
+
+== gg_viz_client.[c,sh,py]
+* module ID
+
+= NEW
+
+netviz_probe.[c,sh,py]
+* cb_ggmod_init(struct gg)
+ setup libevent callbacks
+* cb_ggmod_event(struct gg)
+ gg_send()
+
+netviz_processing.[c,sh,py]
+* cb_ggmod_probes_event(struct gg_event)
+ redis_write()
+* cb_vizcli_redis(struct redis_notification)
+ /* depends on client conf and Viz client protocol */
+ gs-netstream_send() / json_send()
+* cb_vizcli_config_change(struct myconfig)
+ update_client_conf()
+
+netviz.ggspec
+* Probes <-> Processing server
+ * glouglou module ID
+
+Viz clients are modulare separately
+* base viz client graph (protocol=GraphStream)
+* base viz client text (protocol=JSON)
+* per module configuration, push via HTTP JSON POST
+
+= OLD
+
+* Publish
+ * protocol choice (graphstream, json data [plugin])
+ * redis record path -> publish update
+ * filter redis records with client configuration spec
+* Viz client
+ * rendering method choice (graph, data text)
+
+ggprobe.c / ggprobe.sh / ggprobe.py
+ event_cb()
+ gg_send()
+proto_report.ggspec
+processing.ggspec
+ event
+proto_publish.ggspec
+viz.ggspec
+
+Example: Network Viz
+====================
+
+netviz_probe.c
+ capture = pcap code
+
+netviz_processing.c
+
+netviz.ggspec
+ glouglou module ID = 0x01
+
+Viz client
+* web graph
+* egraph
+* Qt client
+
===============================================================================
GLOUGLOU PROTOCOL
@@ -185,3 +296,38 @@ GLOUGLOU PROTOCOL
PACKET_FORK = 0x01,
PACKET_EXEC = 0x02,
PACKET_EXIT = 0x03,
+
+MODULE_NETWORK:
+
+PACKET_NEWCONN
+ u_int32_t src;
+ u_int8_t src_port;
+ u_int32_t dst;
+ u_int8_t dst_port;
+PACKET_DELCONN
+ u_int32_t src;
+ u_int8_t src_port;
+ u_int32_t dst;
+ u_int8_t dst_port;
+PACKET_DATA
+ u_int32_t src;
+ u_int8_t src_port;
+ u_int32_t dst;
+ u_int8_t dst_port;
+ u_int8_t size;
+PACKET_NAME
+PACKET_TRACE
+
+===============================================================================
+GLOUGLOU DATABASE
+===============================================================================
+
+n/10.0.0.1-router
+n/10.0.0.2-
+n/192.168.1.3-
+n/192.168.1.254-internet gateway
+c/10.0.0.1-1234-10.0.0.2-80
+p/10.0.0.1-10.0.0.2
+p/10.0.0.1-192.168.1.3-192.168.1.254
+d/10.0.0.1-1234-10.0.0.2-80/3
+d/10.0.0.1-1234-10.0.0.2-80/12
diff --git a/doc/ressources.txt b/doc/ressources.txt
index edbc14f..d0d925d 100644
--- a/doc/ressources.txt
+++ b/doc/ressources.txt
@@ -46,9 +46,28 @@ https://www.youtube.com/watch?v=7SW_FDiY0sg
=== Processing Server ===
+= Websockets
+
* libwebsock
https://github.com/payden/libwebsock/
-* redis "keyspace notifications" (http://redis.io/topics/notifications)
++ evhttp
+https://github.com/libevent/libevent/blob/master/sample/http-server.c
+Ahttps://www.google.com/search?q=c+http+web+server&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#q=libevent+static+web+server&rls=org.mozilla:en-US%3Aofficial
+http://abhinavsingh.com/blog/2009/12/how-to-build-a-custom-static-file-serving-http-server-using-libevent-in-c/
+
+* (old) libwebsockets (ssl, BUT too complicated AND no default integration with libevent)
+libwebsockets.org/trac/libwebsockets
+libwebsockets.org/libwebsockets-api-doc.html
+git.libwebsockets.org/cgi-bin/cgit/libwebsockets/tree/test-server/test-server.c
+Integration with libevent:
+http://stackoverflow.com/questions/18278987/getting-libwesockets-to-work-with-libevent
+https://github.com/capitalk/libwebsockets
+https://github.com/capitalk/libwebsockets/blob/master/test-server/lws_libevent_test_server.c
+
+= Redis
+
+* redis "keyspace notifications"
+(http://redis.io/topics/notifications)
=== Network Probes ===