- Stage: 0 (strawperson)
- Date: 2021-02-05

We now have ~30 Filebeat modules that can potentially record TCP flags. Often these TCP flags are stored as a bit field in an integer. Searching for whether a particular bit is set in that integer is cumbersome, and it would be easier if there were an ECS field to hold these values. Other network protocols have a similar need.
We are proposing to add 6 new header groups for ip, ipv6, icmp, icmpv6, tcp & udp.

- network.header.ip.flags: df, mf
- network.header.ipv6.traffic_class
- network.header.ipv6.flow_label
- network.header.icmp.type
- network.header.icmp.code
- network.header.icmp.rest
- network.header.icmpv6.type
- network.header.icmpv6.code
- network.header.tcp.flags: ns, cwr, ece, urg, ack, psh, rst, syn, fin
- network.header.tcp.options
- network.header.udp.length
- network.header.udp.checksum
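
The bit-field problem described above, as an added example that is not part of this RFC or of any Filebeat module: a decoder that turns a raw flags integer into the keyword values listed for network.header.tcp.flags and network.header.ip.flags. The bit positions are the standard TCP and IPv4 header layouts; the input key names (`tcp_flags`, `ip_flags`) and the sample events are assumptions constructed for illustration.

```python
# Added example. Value names come from this RFC; bit positions are the
# standard TCP (9 flag bits) and IPv4 (3 flag bits) header layouts.
TCP_FLAGS = ["ns", "cwr", "ece", "urg", "ack", "psh", "rst", "syn", "fin"]  # MSB first
IP_FLAGS = [None, "df", "mf"]  # MSB first; None marks the reserved bit


def to_int(raw):
    """Accept an int, or a decimal/hex string as commonly found in logs."""
    if isinstance(raw, int):
        return raw
    text = str(raw).strip().lower()
    return int(text, 16) if text.startswith("0x") else int(text, 10)


def decode_flags(raw, names):
    """Map a flags bit field to the list of set flag names, MSB first."""
    value, width = to_int(raw), len(names)
    if not 0 <= value < (1 << width):
        raise ValueError(f"flags value {value:#x} does not fit in {width} bits")
    return [name for i, name in enumerate(names)
            if name is not None and value & (1 << (width - 1 - i))]


def enrich(event):
    """Copy a raw event and add the proposed fields (input keys are assumed)."""
    doc = dict(event)
    doc["network.header.tcp.flags"] = decode_flags(event["tcp_flags"], TCP_FLAGS)
    doc["network.header.ip.flags"] = decode_flags(event["ip_flags"], IP_FLAGS)
    return doc


def syn_without_ack(docs):
    """With keyword values the search is a membership test, not bit math."""
    return [d for d in docs
            if "syn" in d["network.header.tcp.flags"]
            and "ack" not in d["network.header.tcp.flags"]]


# Constructed sample events, not taken from any real log source.
SAMPLE_EVENTS = [
    {"id": 1, "tcp_flags": "0x02", "ip_flags": 2},   # SYN, DF
    {"id": 2, "tcp_flags": 18, "ip_flags": 2},       # SYN+ACK, DF
    {"id": 3, "tcp_flags": "0x0c2", "ip_flags": 1},  # SYN+ECE+CWR, MF
    {"id": 4, "tcp_flags": "17", "ip_flags": 0},     # FIN+ACK
]

if __name__ == "__main__":
    for doc in syn_without_ack([enrich(e) for e in SAMPLE_EVENTS]):
        print(doc["id"], doc["network.header.tcp.flags"], doc["network.header.ip.flags"])
```
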

The following are the people who consulted on the contents of this RFC:

- @leehinman | author
- Stage 0: #1253