github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/api/v1/runtime/common.proto

github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/api/v1/runtime/common.proto (about)

     1  syntax = "proto3";
     2  
     3  package runtime.v1;
     4  
     5  option go_package = "github.com/castai/kvisord/api/runtime/v1";
     6  
     7  message Any {
     8    uint32 event_id = 1;
     9    uint32 syscall = 2;
    10    bytes data = 3;
    11  }
    12  
    13  message Exec {
    14    string path = 1;
    15    repeated string args = 2;
    16    ExecMetadata meta = 3;
    17  }
    18  
    19  message Library {
    20    string name = 1;
    21    string version = 2;
    22  }
    23  
    24  message ExecMetadata {
    25    Language lang = 1;
    26    repeated Library libraries = 2;
    27    bytes hash_sha256 = 3;
    28  }
    29  
    30  enum Language {
    31    LANG_UNKNOWN = 0;
    32    LANG_GOLANG = 1;
    33    LANG_C = 2;
    34  }
    35  
    36  message File {
    37    string path = 1;
    38  }
    39  
    40  message Tuple {
    41    string src_ip = 1;
    42    string dst_ip = 2;
    43    uint32 src_port = 3;
    44    uint32 dst_port = 4;
    45    string dns_question = 5;
    46  }
    47  
    48  enum FlowDirection {
    49    FLOW_UNKNOWN = 0;
    50    FLOW_INGRESS = 1;
    51    FLOW_EGRESS = 2;
    52  }
    53  
    54  message DNS {
    55    string DNSQuestionDomain = 1;
    56    repeated DNSAnswers answers = 2;
    57    FlowDirection flow_direction = 3;
    58  }
    59  
    60  message DNSAnswers {
    61    uint32 type = 1;
    62    uint32 class = 2;
    63    uint32 ttl = 3;
    64    string name = 4;
    65    bytes ip = 5;
    66    string cname = 6;
    67  }
    68  
    69  enum StatsGroup {
    70    STATS_GROUP_UNKNOWN = 0;
    71    STATS_GROUP_SYSCALL = 1;
    72    STATS_GROUP_CPU = 2;
    73    STATS_GROUP_MEMORY = 3;
    74    STATS_GROUP_IO = 4;
    75    STATS_GROUP_NET = 5;
    76  }
    77  
    78  message Stats {
    79    StatsGroup group = 1;
    80    uint32 subgroup = 2;
    81    double value = 3;
    82  }
    83  
    84  message LogEvent {
    85    int32 level = 1;
    86    string msg = 2;
    87  }
    88  
    89  message SignatureEvent {
    90    SignatureMetadata metadata = 1;
    91    SignatureFinding finding = 2;
    92  }
    93  
    94  enum SignatureEventID {
    95    SIGNATURE_UNKNOWN = 0;
    96    SIGNATURE_STDIO_VIA_SOCKET = 1;
    97    SIGNATURE_TTY_DETECTED = 2;
    98    SIGNATURE_SOCKS5_DETECTED = 3;
    99  }
   100  
   101  message SignatureMetadata {
   102    SignatureEventID id = 1;
   103    string version = 2;
   104  }
   105  
   106  message SignatureFinding {
   107    oneof data {
   108      StdioViaSocketFinding stdio_via_socket = 1;
   109      TtyDetectedFinding tty_detected = 2;
   110      SOCKS5DetectedFinding socks5_detected = 3;
   111    }
   112  }
   113  
   114  message StdioViaSocketFinding {
   115    bytes ip = 1;
   116    uint32 port = 2;
   117    int32 socketfd = 3;
   118  }
   119  
   120  message TtyDetectedFinding {
   121    string path = 1;
   122  }
   123  
   124  enum SOCKS5Role {
   125    SOCKS5_ROLE_UNKNOWN = 0;
   126    SOCKS5_ROLE_CLIENT = 1;
   127    SOCKS5_ROLE_SERVER = 2;
   128  }
   129  
   130  enum SOCKS5AddressType {
   131    SOCKS5_ADDRESS_TYPE_UNKNOWN = 0;
   132    SOCKS5_ADDRESS_TYPE_IPv4 = 1;
   133    SOCKS5_ADDRESS_TYPE_DOMAIN_NAME = 3;
   134    SOCKS5_ADDRESS_TYPE_IPv6 = 4;
   135  }
   136  
   137  message SOCKS5DetectedFinding {
   138    SOCKS5Role role = 1;
   139    FlowDirection flow_direction = 2;
   140    uint32 cmd_or_reply = 3;
   141    SOCKS5AddressType address_type = 4;
   142    bytes address = 5;
   143    uint32 port = 6;
   144  }