Pull request #3278: netflow: add dev_notes.txt

Merge in SNORT/snort3 from ~MMATIRKO/snort3:netflow-devnotes to master

Squashed commit of the following:

commit 562995f31163726ee9a547bd3bbb3b50150052b6
Author: Michael Matirko <mmatirko@cisco.com>
Date:   Thu Feb 17 10:33:59 2022 -0500

    netflow: add dev_notes.txt

diff --git a/src/service_inspectors/netflow/dev_notes.txt b/src/service_inspectors/netflow/dev_notes.txt
new file mode 100644 (file)
index 0000000..534c517
--- /dev/null
+++ b/src/service_inspectors/netflow/dev_notes.txt
@@ -0,0 +1,11 @@
+The NetFlow inspector inspects Cisco NetFlow version 5 and 9 traffic. When the device
+running Snort3 is placed between a NetFlow collector and exporter, this allows Snort
+to generate RNA events based on exported NetFlow flows.
+
+By means of a template and a record cache, Snort3 keeps track of new and existing
+flows, as well as their associated services - similar to host_cache. Events generated
+follow the same format as their corresponding RNA events, such as new_host, new_network_proto,
+etc.
+
+Note that these caches are currently thread-local for performance reasons, so the occasional
+duplicate event is expected.