Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation Clarifications #52

Open
thearossman opened this issue Sep 5, 2024 · 0 comments
Open

Documentation Clarifications #52

thearossman opened this issue Sep 5, 2024 · 0 comments
Labels
documentation Improvements or additions to documentation

Comments

@thearossman
Copy link
Collaborator

thearossman commented Sep 5, 2024
edited
Loading

For usability, Retina would benefit from better documentation for a few things that we have found to be confusing for users:

  • Cross-layer interactions can be tricky to understand. For example, if a filter has session-level semantics but packets are requested, then only the packets from the session -- not the whole connection -- are delivered.

  • Regular expressions follow the https://crates.io/crates/regex semantics.

  • The port statistics (good, ingress, process) can be non-intuitive. Ingress = packets that hit the NIC; good = after HW filter and CRC checking; process = hitting cores running RX loop (excluding sink core).

  • Reassembly may not always lead to expected behavior when tracking connection statistics. E.g., filtering for "tls" will track connection statistics post-reassembly until the protocol is identified, then pre-reassembly.
@thearossman thearossman changed the title [Issue Tracking [Issue Tracking] Documentation Clarifications Sep 5, 2024
@thearossman thearossman added the documentation Improvements or additions to documentation label Sep 5, 2024
@thearossman thearossman changed the title [Issue Tracking] Documentation Clarifications Documentation Clarifications Sep 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thearossman