Skip to content

Commit

Permalink
chore/deps: update protobuf
Browse files Browse the repository at this point in the history
Signed-off-by: Kris Gambirazzi <kris.gambirazzi@transferwise.com>
  • Loading branch information
kgtw committed Nov 26, 2023
1 parent ba0d54b commit 05eebce
Show file tree
Hide file tree
Showing 14 changed files with 741 additions and 57 deletions.
54 changes: 37 additions & 17 deletions backend/proto/flow/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
- [Layer7](#flow-Layer7)
- [LostEvent](#flow-LostEvent)
- [NetworkInterface](#flow-NetworkInterface)
- [Policy](#flow-Policy)
- [PolicyUpdateNotification](#flow-PolicyUpdateNotification)
- [SCTP](#flow-SCTP)
- [Service](#flow-Service)
Expand Down Expand Up @@ -109,7 +110,7 @@
<a name="flow-CiliumEventType"></a>

### CiliumEventType
CiliumEventType from which the flow originated
CiliumEventType from which the flow originated.


| Field | Type | Label | Description |
Expand All @@ -125,8 +126,7 @@ CiliumEventType from which the flow originated
<a name="flow-DNS"></a>

### DNS
DNS flow. This is basically directly mapped from Cilium&#39;s LogRecordDNS:
https://github.com/cilium/cilium/blob/04f3889d627774f79e56d14ddbc165b3169e2d01/pkg/proxy/accesslog/record.go#L264
DNS flow. This is basically directly mapped from Cilium&#39;s [LogRecordDNS](https://github.com/cilium/cilium/blob/04f3889d627774f79e56d14ddbc165b3169e2d01/pkg/proxy/accesslog/record.go#L264):


| Field | Type | Label | Description |
Expand Down Expand Up @@ -242,7 +242,7 @@ DNS flow. This is basically directly mapped from Cilium&#39;s LogRecordDNS:
<a name="flow-EventTypeFilter"></a>

### EventTypeFilter
EventTypeFilter is a filter describing a particular event type
EventTypeFilter is a filter describing a particular event type.


| Field | Type | Label | Description |
Expand Down Expand Up @@ -296,6 +296,9 @@ EventTypeFilter is a filter describing a particular event type
| socket_cookie | [uint64](#uint64) | | socket_cookie is the Linux kernel socket cookie for this flow. Only applicable to TraceSock notifications, zero for other types |
| cgroup_id | [uint64](#uint64) | | cgroup_id of the process which emitted this event. Only applicable to TraceSock notifications, zero for other types |
| Summary | [string](#string) | | **Deprecated.** This is a temporary workaround to support summary field for pb.Flow without duplicating logic from the old parser. This field will be removed once we fully migrate to the new parser. |
| extensions | [google.protobuf.Any](#google-protobuf-Any) | | extensions can be used to add arbitrary additional metadata to flows. This can be used to extend functionality for other Hubble compatible APIs, or experiment with new functionality without needing to change the public API. |
| egress_allowed_by | [Policy](#flow-Policy) | repeated | The CiliumNetworkPolicies allowing the egress of the flow. |
| ingress_allowed_by | [Policy](#flow-Policy) | repeated | The CiliumNetworkPolicies allowing the ingress of the flow. |



Expand Down Expand Up @@ -337,6 +340,7 @@ multiple fields are set, then all fields must match for the filter to match.
| destination_identity | [uint32](#uint32) | repeated | destination_identity filters by the security identity of the destination endpoint. |
| http_method | [string](#string) | repeated | GET, POST, PUT, etc. methods. This type of field is well suited for an enum but every single existing place is using a string already. |
| http_path | [string](#string) | repeated | http_path is a list of regular expressions to filter on the HTTP path. |
| http_url | [string](#string) | repeated | http_url is a list of regular expressions to filter on the HTTP URL. |
| tcp_flags | [TCPFlags](#flow-TCPFlags) | repeated | tcp_flags filters flows based on TCP header flags |
| node_name | [string](#string) | repeated | node_name is a list of patterns to filter on the node name, e.g. &#34;k8s*&#34;, &#34;test-cluster/*.domain.com&#34;, &#34;cluster-name/&#34; etc. |
| ip_version | [IPVersion](#flow-IPVersion) | repeated | filter based on IP version (ipv4 or ipv6) |
Expand All @@ -350,8 +354,7 @@ multiple fields are set, then all fields must match for the filter to match.
<a name="flow-HTTP"></a>

### HTTP
L7 information for HTTP flows. It corresponds to Cilium&#39;s accesslog.LogRecordHTTP type.
https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L206
L7 information for HTTP flows. It corresponds to Cilium&#39;s [accesslog.LogRecordHTTP](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L206) type.


| Field | Type | Label | Description |
Expand Down Expand Up @@ -458,8 +461,7 @@ L7 information for HTTP flows. It corresponds to Cilium&#39;s accesslog.LogRecor
<a name="flow-Kafka"></a>

### Kafka
L7 information for Kafka flows. It corresponds to Cilium&#39;s accesslog.LogRecordKafka type.
https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L229
L7 information for Kafka flows. It corresponds to Cilium&#39;s [accesslog.LogRecordKafka](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L229) type.


| Field | Type | Label | Description |
Expand Down Expand Up @@ -497,8 +499,7 @@ L7 information for Kafka flows. It corresponds to Cilium&#39;s accesslog.LogReco
<a name="flow-Layer7"></a>

### Layer7
Message for L7 flow, which roughly corresponds to Cilium&#39;s accesslog LogRecord:
https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L141
Message for L7 flow, which roughly corresponds to Cilium&#39;s accesslog [LogRecord](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L141):


| Field | Type | Label | Description |
Expand Down Expand Up @@ -548,6 +549,24 @@ that happened before the events were captured by Hubble.



<a name="flow-Policy"></a>

### Policy



| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| name | [string](#string) | | |
| namespace | [string](#string) | | |
| labels | [string](#string) | repeated | |
| revision | [uint64](#uint64) | | |






<a name="flow-PolicyUpdateNotification"></a>

### PolicyUpdateNotification
Expand Down Expand Up @@ -709,10 +728,9 @@ that happened before the events were captured by Hubble.
<a name="flow-TraceContext"></a>

### TraceContext
TraceContext contains trace context propagation data, ie information about a
TraceContext contains trace context propagation data, i.e. information about a
distributed trace.
For more information about trace context, check the W3C Trace Context
specification: https://www.w3.org/TR/trace-context/
For more information about trace context, check the [W3C Trace Context specification](https://www.w3.org/TR/trace-context/).


| Field | Type | Label | Description |
Expand Down Expand Up @@ -777,7 +795,7 @@ TraceParent identifies the incoming request in a tracing system.

### AgentEventType
AgentEventType is the type of agent event. These values are shared with type
AgentNotification in pkg/monitor/api/types.go
AgentNotification in pkg/monitor/api/types.go.

| Name | Number | Description |
| ---- | ------ | ----------- |
Expand All @@ -799,7 +817,7 @@ AgentNotification in pkg/monitor/api/types.go
<a name="flow-AuthType"></a>

### AuthType
These types correspond to definitions in pkg/policy/l4.go
These types correspond to definitions in pkg/policy/l4.go.

| Name | Number | Description |
| ---- | ------ | ----------- |
Expand Down Expand Up @@ -900,6 +918,8 @@ These values are shared with pkg/monitor/api/datapath_debug.go and bpf/lib/dbg.h
| DBG_SK_LOOKUP4 | 62 | |
| DBG_SK_LOOKUP6 | 63 | |
| DBG_SK_ASSIGN | 64 | |
| DBG_L7_LB | 65 | |
| DBG_SKIP_POLICY | 66 | |



Expand Down Expand Up @@ -977,6 +997,7 @@ here.
| INVALID_CLUSTER_ID | 192 | |
| UNSUPPORTED_PROTOCOL_FOR_DSR_ENCAP | 193 | |
| NO_EGRESS_GATEWAY | 194 | |
| UNENCRYPTED_TRAFFIC | 195 | |
| TTL_EXCEEDED | 196 | |
| NO_NODE_ID | 197 | |

Expand Down Expand Up @@ -1025,8 +1046,7 @@ EventType are constants are based on the ones from &lt;linux/perf_event.h&gt;.
<a name="flow-L7FlowType"></a>

### L7FlowType
This enum corresponds to Cilium&#39;s L7 accesslog FlowType:
https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L26
This enum corresponds to Cilium&#39;s L7 accesslog [FlowType](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L26):

| Name | Number | Description |
| ---- | ------ | ----------- |
Expand Down
51 changes: 34 additions & 17 deletions backend/proto/flow/flow.proto
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@

syntax = "proto3";

import "google/protobuf/any.proto";
import "google/protobuf/wrappers.proto";
import "google/protobuf/timestamp.proto";

Expand Down Expand Up @@ -114,6 +115,16 @@ message Flow {
// duplicating logic from the old parser. This field will be removed once we
// fully migrate to the new parser.
string Summary = 100000 [deprecated=true];

// extensions can be used to add arbitrary additional metadata to flows.
// This can be used to extend functionality for other Hubble compatible
// APIs, or experiment with new functionality without needing to change the public API.
google.protobuf.Any extensions = 150000;

// The CiliumNetworkPolicies allowing the egress of the flow.
repeated Policy egress_allowed_by = 21001;
// The CiliumNetworkPolicies allowing the ingress of the flow.
repeated Policy ingress_allowed_by = 21002;
}

enum FlowType {
Expand All @@ -123,7 +134,7 @@ enum FlowType {
SOCK = 3;
}

// These types correspond to definitions in pkg/policy/l4.go
// These types correspond to definitions in pkg/policy/l4.go.
enum AuthType {
DISABLED = 0;
SPIRE = 1;
Expand Down Expand Up @@ -183,17 +194,15 @@ message Layer4 {
}
}

// This enum corresponds to Cilium's L7 accesslog FlowType:
// https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L26
// This enum corresponds to Cilium's L7 accesslog [FlowType](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L26):
enum L7FlowType {
UNKNOWN_L7_TYPE = 0;
REQUEST = 1;
RESPONSE = 2;
SAMPLE = 3;
}

// Message for L7 flow, which roughly corresponds to Cilium's accesslog LogRecord:
// https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L141
// Message for L7 flow, which roughly corresponds to Cilium's accesslog [LogRecord](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L141):
message Layer7 {
L7FlowType type = 1;
// Latency of the response
Expand All @@ -206,10 +215,9 @@ message Layer7 {
}
}

// TraceContext contains trace context propagation data, ie information about a
// TraceContext contains trace context propagation data, i.e. information about a
// distributed trace.
// For more information about trace context, check the W3C Trace Context
// specification: https://www.w3.org/TR/trace-context/
// For more information about trace context, check the [W3C Trace Context specification](https://www.w3.org/TR/trace-context/).
message TraceContext {
// parent identifies the incoming request in a tracing system.
TraceParent parent = 1;
Expand Down Expand Up @@ -391,6 +399,7 @@ enum DropReason {
INVALID_CLUSTER_ID = 192;
UNSUPPORTED_PROTOCOL_FOR_DSR_ENCAP = 193;
NO_EGRESS_GATEWAY = 194;
UNENCRYPTED_TRAFFIC = 195;
TTL_EXCEEDED = 196;
NO_NODE_ID = 197;
}
Expand All @@ -415,7 +424,14 @@ enum DebugCapturePoint {
DBG_CAPTURE_SNAT_POST = 11;
}

// EventTypeFilter is a filter describing a particular event type
message Policy {
string name = 1;
string namespace = 2;
repeated string labels = 3;
uint64 revision = 4;
}

// EventTypeFilter is a filter describing a particular event type.
message EventTypeFilter {
// type is the primary flow type as defined by:
// github.com/cilium/cilium/pkg/monitor/api.MessageType*
Expand All @@ -430,7 +446,7 @@ message EventTypeFilter {
int32 sub_type = 3;
}

// CiliumEventType from which the flow originated
// CiliumEventType from which the flow originated.
message CiliumEventType {
// type of event the flow originated from, i.e.
// github.com/cilium/cilium/pkg/monitor/api.MessageType*
Expand Down Expand Up @@ -515,6 +531,8 @@ message FlowFilter {
repeated string http_method = 21;
// http_path is a list of regular expressions to filter on the HTTP path.
repeated string http_path = 22;
// http_url is a list of regular expressions to filter on the HTTP URL.
repeated string http_url = 31;

// tcp_flags filters flows based on TCP header flags
repeated TCPFlags tcp_flags = 23;
Expand All @@ -539,8 +557,7 @@ enum EventType {
RecordLost = 2;
}

// DNS flow. This is basically directly mapped from Cilium's LogRecordDNS:
// https://github.com/cilium/cilium/blob/04f3889d627774f79e56d14ddbc165b3169e2d01/pkg/proxy/accesslog/record.go#L264
// DNS flow. This is basically directly mapped from Cilium's [LogRecordDNS](https://github.com/cilium/cilium/blob/04f3889d627774f79e56d14ddbc165b3169e2d01/pkg/proxy/accesslog/record.go#L264):
message DNS {
// DNS name that's being looked up: e.g. "isovalent.com."
string query = 1;
Expand Down Expand Up @@ -569,8 +586,7 @@ message HTTPHeader {
string value = 2;
}

// L7 information for HTTP flows. It corresponds to Cilium's accesslog.LogRecordHTTP type.
// https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L206
// L7 information for HTTP flows. It corresponds to Cilium's [accesslog.LogRecordHTTP](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L206) type.
message HTTP {
uint32 code = 1;
string method = 2;
Expand All @@ -579,8 +595,7 @@ message HTTP {
repeated HTTPHeader headers = 5;
}

// L7 information for Kafka flows. It corresponds to Cilium's accesslog.LogRecordKafka type.
// https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L229
// L7 information for Kafka flows. It corresponds to Cilium's [accesslog.LogRecordKafka](https://github.com/cilium/cilium/blob/728c79e427438ab6f8d9375b62fccd6fed4ace3a/pkg/proxy/accesslog/record.go#L229) type.
message Kafka {
int32 error_code = 1;
int32 api_version = 2;
Expand Down Expand Up @@ -623,7 +638,7 @@ message LostEvent {
}

// AgentEventType is the type of agent event. These values are shared with type
// AgentNotification in pkg/monitor/api/types.go
// AgentNotification in pkg/monitor/api/types.go.
enum AgentEventType {
AGENT_EVENT_UNKNOWN = 0;
// used for AGENT_EVENT_GENERIC in monitor API, but there are currently no
Expand Down Expand Up @@ -813,4 +828,6 @@ enum DebugEventType {
DBG_SK_LOOKUP4 = 62;
DBG_SK_LOOKUP6 = 63;
DBG_SK_ASSIGN = 64;
DBG_L7_LB = 65;
DBG_SKIP_POLICY = 66;
}
Loading

0 comments on commit 05eebce

Please sign in to comment.