github.com/cilium/cilium@v1.16.2/pkg/proxy/accesslog/record.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package accesslog 5 6 import ( 7 "net" 8 "net/http" 9 "net/url" 10 11 "github.com/cilium/cilium/pkg/labels" 12 ) 13 14 // FlowType is the type to indicate the flow direction 15 type FlowType string 16 17 const ( 18 // TypeRequest is a request message 19 TypeRequest FlowType = "Request" 20 21 // TypeResponse is a response to a request 22 TypeResponse FlowType = "Response" 23 24 // TypeSample is a packet sample 25 TypeSample FlowType = "Sample" 26 ) 27 28 // FlowVerdict is the verdict passed on the flow 29 type FlowVerdict string 30 31 const ( 32 // VerdictForwarded indicates that the flow was forwarded 33 VerdictForwarded FlowVerdict = "Forwarded" 34 35 // VerdictDenied indicates that the flow was denied 36 VerdictDenied = "Denied" 37 38 // VerdictError indicates that there was an error processing the flow 39 VerdictError = "Error" 40 41 // VerdictError indicates that the flow was redirected through the proxy 42 VerdictRedirected = "Redirected" 43 ) 44 45 // ObservationPoint is the type used to describe point of observation 46 type ObservationPoint string 47 48 const ( 49 // Ingress indicates event was generated at ingress 50 Ingress ObservationPoint = "Ingress" 51 52 // Egress indicates event was generated at egress 53 Egress ObservationPoint = "Egress" 54 ) 55 56 // IPVersion indicates the flow's IP version 57 type IPVersion uint8 58 59 const ( 60 // VersionIPv4 indicates IPv4 61 VersionIPv4 IPVersion = iota 62 // VersionIPV6 indicates IPv6 63 VersionIPV6 64 ) 65 66 // EndpointInfo contains information about the sending (resp. receiving) endpoint. 67 // If the field using this struct is SourceEndpoint, all fields correspond to 68 // the sending endpoint, if the field using this struct is DestinationEndpoint, 69 // then all fields correspond to the receiving endpoint. 70 type EndpointInfo struct { 71 // ID is the endpoint id 72 ID uint64 73 74 // IPv4 is the IPv4 address of the endpoint 75 IPv4 string 76 77 // IPv6 is the IPv6 address of the endpoint 78 IPv6 string 79 80 // Port represents the source point for SourceEndpoint and the 81 // destination port for DestinationEndpoint 82 Port uint16 83 84 // Identity is the security identity of the endpoint 85 Identity uint64 86 87 // Labels is the list of security relevant labels of the endpoint. 88 // Shared, do not mutate! 89 Labels labels.LabelArray 90 } 91 92 // ServiceInfo contains information about the Kubernetes service 93 type ServiceInfo struct { 94 // Name specifies the name of the service 95 Name string 96 97 // IPPort is the IP and transport port of the service 98 IPPort IPPort 99 } 100 101 // FlowEvent identifies the event type of an L4 log record 102 type FlowEvent string 103 104 const ( 105 // FlowAdded means that this is a new flow 106 FlowAdded FlowEvent = "FlowAdded" 107 108 // FlowRemoved means that a flow has been deleted 109 FlowRemoved FlowEvent = "FlowRemoved" 110 ) 111 112 // DropReason indicates the reason why the flow was dropped 113 type DropReason uint16 114 115 // TransportProtocol defines layer 4 protocols 116 type TransportProtocol uint16 117 118 // NodeAddressInfo holds addressing information of the node the agent runs on 119 type NodeAddressInfo struct { 120 IPv4 string 121 IPv6 string 122 } 123 124 // IPPort bundles an IP address and port number 125 type IPPort struct { 126 IP string 127 Port uint16 128 } 129 130 // LogRecord is the structure used to log individual request/response 131 // processing events or sampled packets 132 type LogRecord struct { 133 // Type is the type of the flow 134 Type FlowType 135 136 // Timestamp is the start of a request, the end of a response, or the time the packet has been sampled, 137 // depending on the flow type 138 Timestamp string 139 140 // NodeAddressInfo contains the IPs of the node where the event was generated 141 NodeAddressInfo NodeAddressInfo 142 143 // ObservationPoint indicates where the flow was observed 144 ObservationPoint ObservationPoint 145 146 // SourceEndpoint is information about the source endpoint, if available 147 SourceEndpoint EndpointInfo 148 149 // DestinationEndpoint is information about the destination endpoint, if available 150 DestinationEndpoint EndpointInfo 151 152 // IPVersion indicates the version of the IP protocol in use 153 IPVersion IPVersion 154 155 // Verdict is the verdict on the flow taken 156 Verdict FlowVerdict 157 158 // Info includes information about the rule that matched or the error 159 // that occurred 160 Info string 161 162 // Metadata is additional arbitrary metadata 163 Metadata []string 164 165 // TransportProtocol identifies the flow's transport layer (layer 4) protocol 166 TransportProtocol TransportProtocol 167 168 // FlowEvent identifies the flow event for L4 log record 169 FlowEvent FlowEvent 170 171 // ServiceInfo identifies the Kubernetes service this flow went through. It is set to 172 // nil if the flow did not go though any service. Note that this field is always set to 173 // nil if ObservationPoint is Ingress since currently Cilium cannot tell at ingress 174 // whether the packet went through a service before. 175 ServiceInfo *ServiceInfo 176 177 // DropReason indicates the reason of the drop. This field is set if and only if 178 // the Verdict field is set to VerdictDenied. Otherwise it's set to nil. 179 DropReason *DropReason 180 181 // The following are the protocol specific parts. Only one of the 182 // following should ever be set. Unused fields will be omitted 183 184 // HTTP contains information for HTTP request/responses 185 HTTP *LogRecordHTTP `json:"HTTP,omitempty"` 186 187 // Kafka contains information for Kafka request/responses 188 Kafka *LogRecordKafka `json:"Kafka,omitempty"` 189 190 // DNS contains information for DNS request/responses 191 DNS *LogRecordDNS `json:"DNS,omitempty"` 192 193 // L7 contains information about generic L7 protocols 194 L7 *LogRecordL7 `json:"L7,omitempty"` 195 } 196 197 // LogRecordHTTP contains the HTTP specific portion of a log record 198 type LogRecordHTTP struct { 199 // Code is the HTTP code being returned 200 Code int 201 202 // Method is the method of the request 203 Method string 204 205 // URL is the URL of the request 206 URL *url.URL 207 208 // Protocol is the HTTP protocol in use 209 Protocol string 210 211 // Headers are all HTTP headers present in the request and response. Request records 212 // contain request headers, while response headers contain response headers and the 213 // 'x-request-id' from the request headers, if any. If response headers already contain 214 // a 'x-request-id' with a different value then both will be included as two separate 215 // entries with the same key. 216 Headers http.Header 217 218 // MissingHeaders are HTTP request headers that were deemed missing from the request 219 MissingHeaders http.Header 220 221 // RejectedHeaders are HTTP request headers that were rejected from the request 222 RejectedHeaders http.Header 223 } 224 225 // KafkaTopic contains the topic for requests 226 type KafkaTopic struct { 227 Topic string `json:"Topic,omitempty"` 228 } 229 230 // LogRecordKafka contains the Kafka-specific portion of a log record 231 type LogRecordKafka struct { 232 // ErrorCode is the Kafka error code being returned 233 ErrorCode int 234 235 // APIVersion of the Kafka api used 236 APIVersion int16 237 238 // APIKey for Kafka message 239 // Reference: https://kafka.apache.org/protocol#protocol_api_keys 240 APIKey string 241 242 // CorrelationID is a user-supplied integer value that will be passed 243 // back with the response 244 CorrelationID int32 245 246 // Topic of the request, currently is a single topic 247 // Note that this string can be empty since not all messages use 248 // Topic. example: LeaveGroup, Heartbeat 249 Topic KafkaTopic 250 } 251 252 type DNSDataSource string 253 254 const ( 255 // DNSSourceProxy indicates that the DNS record was created by a proxy 256 // intercepting a DNS request/response. 257 DNSSourceProxy DNSDataSource = "proxy" 258 ) 259 260 // LogRecordDNS contains the DNS specific portion of a log record 261 type LogRecordDNS struct { 262 // Query is the name in the original query 263 Query string `json:"Query,omitempty"` 264 265 // IPs are any IPs seen in this response. 266 // This field is filled only for DNS responses with IPs. 267 IPs []net.IP `json:"IPs,omitempty"` 268 269 // TTL is the lowest applicable TTL for this data 270 // This field is filled only for DNS responses. 271 TTL uint32 `json:"TTL,omitempty"` 272 273 // CNAMEs are any CNAME records seen in the response leading from Query 274 // to the IPs. 275 // This field is filled only for DNS responses with CNAMEs to IP data. 276 CNAMEs []string `json:"CNAMEs,omitempty"` 277 278 // ObservationSource represents the source of the data in this LogRecordDNS. 279 // Empty or undefined may indicate older cilium versions, as it is expected 280 // to be filled in. 281 ObservationSource DNSDataSource `json:"ObservationSource,omitempty"` 282 283 // RCode is the response code 284 // defined as per https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6 285 // Use github.com/cilium/dns.RcodeToString map to retrieve string representation 286 RCode int `json:"RCode,omitempty"` 287 288 // QTypes are question types in DNS message 289 // https://www.ietf.org/rfc/rfc1035.txt 290 // Use github.com/cilium/dns.TypeToString map to retrieve string representation 291 QTypes []uint16 `json:"QTypes,omitempty"` 292 293 // AnswerTypes are record types in the answer section 294 // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 295 // Use github.com/cilium/dns.TypeToString map to retrieve string representation 296 AnswerTypes []uint16 `json:"AnswerTypes,omitempty"` 297 } 298 299 // LogRecordL7 contains the generic L7 portion of a log record 300 type LogRecordL7 struct { 301 // Proto is the name of the protocol this record represents 302 Proto string `json:"Proto,omitempty"` 303 304 // Fields is a map of key-value pairs describing the protocol 305 Fields map[string]string 306 }