Feature/update readme

README.md

@@ -1,16 +1,19 @@
-# RustiFlow: A NIDS Feature Extraction Tool
+![banner](figures/banner.jpg)
+# A Network Traffic Feature Extraction Tool
 
-![RustiFlow Logo](RustiFlow.png)
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Overview
 
-## Overview
+This tool is engineered for robust and efficient feature extraction, particularly for applications such as network intrusion detection systems, among others. Leveraging Rust language and eBPF, it excels in processing high volumes of network traffic with remarkable speed and throughput. (When your traffic is already captured, don't worry! It also has a build in pcap reader which is also amazingly fast.) With various pre-defined feature sets and the ability to create custom feature sets, RustiFlow offers a versatile solution for network security applications.
 
-This tool is designed for robust and efficient feature extraction in network intrusion detection systems. Leveraging Rust language and eBPF, it excels in processing high volumes of network traffic with remarkable speed and throughput. (When your traffic is already captured, don't worry! It also has a build in pcap reader.) With various pre-defined feature sets and the ability to create custom feature sets, RustiFlow offers a versatile solution for network security applications.
+<a href="https://github.com/idlab-discover/RustiFlow/actions">![Badge displaying GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/idlab-discover/RustiFlow/rust.yml?logo=github)</a> 
+<a href="https://idlab-discover.github.io/RustiFlow"> ![Badge linking to the project documentation website](https://img.shields.io/website?url=https%3A%2F%2Fidlab-discover.github.io%2FRustiFlow&label=Documentation)</a> <a href="https://github.com/idlab-discover/RustiFlow/blob/main/LICENSE"> ![GitHub license](https://img.shields.io/github/license/idlab-discover/RustiFlow) </a>
 
-![Badge displaying GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/idlab-discover/RustiFlow/rust.yml?logo=github) ![Badge linking to the project documentation website](https://img.shields.io/website?url=https%3A%2F%2Fidlab-discover.github.io%2FRustiFlow&label=Documentation) ![GitHub license](https://img.shields.io/github/license/idlab-discover/RustiFlow) ![Ubuntu 22](https://img.shields.io/badge/Tested%20on%20ubuntu%2022-purple?logo=ubuntu) ![Ubuntu 20](https://img.shields.io/badge/Tested%20on%20ubuntu%2020-purple?logo=ubuntu)
+![Ubuntu 24](https://img.shields.io/badge/Tested%20on%20ubuntu-purple?logo=ubuntu) 
 
-![Animated image showing network flows](flows.gif)
 
-## Key Features
+![Animated image showing network flows](figures/flows.gif)
+
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Key Features
 
 - **High Throughput:** Utilizes Rust and the [Aya](https://aya-rs.dev/) library for eBPF program compilation and execution, ensuring exceptional performance and resource efficiency.
 - **Versatile Feature Sets:** Offers a variety of pre-defined feature sets (flows) and the flexibility to create custom feature sets tailored to specific requirements.
@@ -19,13 +22,17 @@ This tool is designed for robust and efficient feature extraction in network int
 
 ## Feature sets
 
-See the wiki for the different feature sets available.
+See the [wiki](https://github.com/idlab-discover/RustiFlow/wiki) for the different feature sets available.
+
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Architecture
 
-## Architecture
+### Realtime processing
+![RustiFlow Architecture Realtime](figures/realtime.png)
 
-![RustiFlow Architecture](arch.svg)
+### Offline PCAP processing
+![RustiFlow Architecture Offline](figures/offline.png)
 
-## Using the release binary:
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Using the release binary:
 
 Copy the rustiflow binary that you can find in this repo in releases to a location of your choice or to the `/usr/local/bin` folder.
 If it does not have the right permissions, you can run the following command:
@@ -34,19 +41,60 @@ If it does not have the right permissions, you can run the following command:
 chmod +x /path/to/rustiflow
 ```
 
-You can then run the binary with the following commands:
+### Using commands:
 
-See the [help menu](#usage-instructions) for the different options available.
+You can then run the binary with the following commands displayed on the [help menu](#usage-instructions).
 
-```bash
-RUST_LOG=info rustiflow pcap basic-flow 60 /path/to/pcap.pcap print
-```
+### Using the tui interface:
 
-```bash
-sudo RUST_LOG=info rustiflow realtime enp5s0 cic-flow 60 csv /path/to/output.csv
+If you want a more graphical interface, you can use the tui interface by just running `rustiflow` without any arguments. This will open the following interface:
+
+![The tui interface](figures/tui_rustiflow.GIF)
+
+> **NOTE:** When using the save button, the current selection will be saved to the `rustiflow.toml` file. You can reuse this file with following command:
+  ```bash
+  rustiflow --config-file rustiflow.toml realtime <interface> [--only-ingress]
+  ```
+
+  ```bash
+  rustiflow -c rustiflow.toml pcap <path to pcap file>
+  ```
+> After saving the configuration file, you can safely reset without changing the configuration file.
+
+### Using the configuration file:
+This is an example of a configuration file that you can use to run the tool with the `--config-file` option.
+
+```toml
+[config]
+features = "CIDDS"
+active_timeout = 522
+idle_timeout = 885855
+early_export = 25
+expiration_check_interval = 0
+
+[output]
+output = "Csv"
+export_path = "path/to/output.csv"
+header = false
+drop_contaminant_features = true
+```
+Example 2:
+```toml
+[config]
+features = "Nfstream"
+active_timeout = 3600
+idle_timeout = 120
+early_export = 10
+expiration_check_interval = 60
+threads = 8
+
+[output]
+output = "Print"
+header = true
+drop_contaminant_features = false
 ```
 
-## Using the Container:
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Using the Container:
 
 Make sure that you don't use docker desktop and that you don't have it installed on your machine. If you have this setup, it will not work as intended as the `--network host` will not link the container to the host network, but to the network of a VM that docker desktop uses.
 
@@ -62,10 +110,12 @@ Make sure that you don't use docker desktop and that you don't have it installed
 - **Example**:
   ```bash
   docker run --network host -v /home/user/pcap:/app rustiflow pcap basic-flow 60 /app/pcap.pcap print
+  ```
+  ```bash
   docker run --privileged --network host -v /home/matisse/Documents:/app rustiflow realtime enp5s0 cic-flow 60 csv /app/output.csv
   ```
 
-## Installation Guide for development
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Installation Guide for development
 
 ### Prerequisites:
 - **libpcap-dev**:
@@ -98,7 +148,7 @@ Make sure that you don't use docker desktop and that you don't have it installed
   export PATH=/usr/lib/linux-tools/5.8.0-63-generic:$PATH
   ```
 
-## Building the Project
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Building the Project
 
 - **eBPF Programs**:
   ```bash
@@ -110,107 +160,83 @@ Make sure that you don't use docker desktop and that you don't have it installed
   cargo build
   ```
 
-## Usage Instructions
+## Running the Project in dev mode
 
-### Real-Time Traffic Capture:
-- **Command Help**:
   ```bash
-  RUST_LOG=info cargo xtask run -- realtime --help
+  cargo xtask run -- [OPTIONS] <COMMAND>
   ```
-  ```bash
-  Real-time feature extraction
 
-  Usage: rustiflow realtime [OPTIONS] <INTERFACE> <FLOW_TYPE> <LIFESPAN> <METHOD> [EXPORT_PATH]
+## <img src="figures/RustiFlow_nobg.png" width="60px"/> Usage Instructions
 
-  Arguments:
-    <INTERFACE>
-            The network interface to capture packets from
-
-    <FLOW_TYPE>
-            Possible values:
-            - basic-flow:  A basic flow that stores the basic features of a flow
-            - cic-flow:    Represents the CIC Flow, giving 83 features
-            - cidds-flow:  Represents the CIDDS Flow, giving 10 features
-            - nf-flow:     Represents a nfstream inspired flow, giving 69 features
-            - ntl-flow:    Represents the NTL Flow, giving 120 features
-            - custom-flow: Represents a flow that you can implement yourself
-
-    <LIFESPAN>
-            The maximum lifespan of a flow in seconds
-
-    <METHOD>
-            Output method
-
-            Possible values:
-            - print: The output will be printed to the console
-            - csv:   The output will be written to a CSV file
+### Command Help:
+  ```bash
+  rustiflow help
+  ```
+  ```bash
+  Usage: rustiflow [OPTIONS] <COMMAND>
 
-    [EXPORT_PATH]
-            File path for output (used if method is Csv)
+  Commands:
+    realtime  Real-time feature extraction
+    pcap      Feature extraction from a pcap file
+    help      Print this message or the help of the given subcommand(s)
 
   Options:
-    -n, --no-contaminant-features
-            Whether not to include contaminant features
-
-    -f, --feature-header
-            Whether to add the header
-
-    -o, --only-ingress
-            Only ingress traffic will be captured
+    -c, --config-file <CONFIG_FILE>
+            Configuration file path
 
-        --interval <INTERVAL>
-            The print interval for open flows in seconds, needs to be smaller than the flow maximum lifespan
+    -f, --features <FEATURES>
+            The feature set to use (required if no config file is provided)
 
-    -h, --help
-            Print help (see a summary with '-h')
-  ```
+            Possible values:
+            - basic:    A basic flow that stores the basic features of a flow
+            - cic:      Represents the CIC Flow, giving 83 features
+            - cidds:    Represents the CIDDS Flow, giving 10 features
+            - nfstream: Represents a nfstream inspired flow, giving 69 features
+            - ntl:      Represents the NTL Flow, giving 120 features
+            - custom:   Represents a flow that you can implement yourself
 
-### Reading from a Pcap File:
+        --active-timeout <ACTIVE_TIMEOUT>
+            The maximum time a flow is allowed to last in seconds (optional)
+
+            [default: 3600]
 
-- **Command Help**:
-  ```bash
-  RUST_LOG=info cargo xtask run -- pcap --help
-  ```
-  ```bash
-  Feature extraction from a pcap file
+        --idle-timeout <IDLE_TIMEOUT>
+            The maximum time with no packets for a flow in seconds (optional)
+
+            [default: 120]
 
-  Usage: rustiflow pcap [OPTIONS] <FLOW_TYPE> <LIFESPAN> <PATH> <METHOD> [EXPORT_PATH]
+        --early-export <EARLY_EXPORT>
+            The print interval for open flows in seconds (optional)
 
-  Arguments:
-    <FLOW_TYPE>
-            Possible values:
-            - basic-flow:  A basic flow that stores the basic features of a flow
-            - cic-flow:    Represents the CIC Flow, giving 83 features
-            - cidds-flow:  Represents the CIDDS Flow, giving 10 features
-            - nf-flow:     Represents a nfstream inspired flow, giving 69 features
-            - ntl-flow:    Represents the NTL Flow, giving 120 features
-            - custom-flow: Represents a flow that you can implement yourself
+        --expiration-check-interval <EXPIRATION_CHECK_INTERVAL>
+            Interval (in seconds) for checking and expiring flows in the flowtable. This represents how often the flowtable should be scanned to remove inactive flows
+
+            [default: 60]
 
-    <LIFESPAN>
-            The maximum lifespan of a flow in seconds
+        --threads <THREADS>
+            The numbers of threads to use for processing packets (optional) (default: number of logical CPUs)
 
-    <PATH>
-            The relative path to the pcap file
+        -o, --output <OUTPUT>
+                Output method (required if no config file is provided)
 
-    <METHOD>
-            Output method
+                Possible values:
+                - print: The output will be printed to the console
+                - csv:   The output will be written to a CSV file
 
-            Possible values:
-            - print: The output will be printed to the console
-            - csv:   The output will be written to a CSV file
+            --export-path <EXPORT_PATH>
+                File path for output (used if method is Csv)
 
-    [EXPORT_PATH]
-            File path for output (used if method is Csv)
+            --header
+                Whether to export the feature header
 
-  Options:
-    -n, --no-contaminant-features
-            Whether not to include contaminant features
+            --drop-contaminant-features
+                Whether to drop contaminant features
 
-    -f, --feature-header
-            Whether to add the header
+        -h, --help
+                Print help (see a summary with '-h')
 
-    -h, --help
-            Print help (see a summary with '-h')
+        -V, --version
+                Print version
 
   ```
 

rustiflow/src/tui.rs

@@ -627,9 +627,9 @@ fn ui_main_screen<B: Backend>(f: &mut Frame<B>, app: &App) {
         .direction(Direction::Horizontal)
         .constraints(
             [
-                Constraint::Percentage(30), // Left column: Menu
-                Constraint::Percentage(40), // Middle column: Content
-                Constraint::Percentage(30), // Right column: Current Selections
+                Constraint::Percentage(38), // Left column: Menu
+                Constraint::Percentage(25), // Middle column: Content
+                Constraint::Percentage(37), // Right column: Current Selections
             ]
             .as_ref(),
         )