2025-02-25 12:22:54 +01:00
|
|
|
syntax = "proto3";
|
|
|
|
|
|
2025-02-27 12:29:50 +01:00
|
|
|
import "google/protobuf/timestamp.proto";
|
|
|
|
|
|
2025-02-25 12:22:54 +01:00
|
|
|
option go_package = "/proto";
|
|
|
|
|
|
2025-02-28 03:51:57 +01:00
|
|
|
package flow;
|
2025-02-25 12:22:54 +01:00
|
|
|
|
|
|
|
|
service FlowService {
|
|
|
|
|
// Client to receiver streams of events and acknowledgements
|
2025-02-25 17:29:54 +01:00
|
|
|
rpc Events(stream FlowEvent) returns (stream FlowEventAck) {}
|
2025-02-25 12:22:54 +01:00
|
|
|
}
|
|
|
|
|
|
2025-02-25 17:29:54 +01:00
|
|
|
message FlowEvent {
|
2025-02-25 12:22:54 +01:00
|
|
|
// Unique client event identifier
|
|
|
|
|
string event_id = 1;
|
|
|
|
|
|
2025-02-27 12:29:50 +01:00
|
|
|
// When the event occurred
|
2025-03-04 16:57:25 +01:00
|
|
|
google.protobuf.Timestamp timestamp = 2;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// Public key of the sending peer
|
2025-03-04 16:57:25 +01:00
|
|
|
bytes public_key = 3;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
2025-03-04 16:57:25 +01:00
|
|
|
FlowFields flow_fields = 4;
|
2025-02-25 12:22:54 +01:00
|
|
|
}
|
|
|
|
|
|
2025-02-25 17:29:54 +01:00
|
|
|
message FlowEventAck {
|
2025-02-25 12:22:54 +01:00
|
|
|
// Unique client event identifier that has been ack'ed
|
|
|
|
|
string event_id = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-04 16:43:07 +01:00
|
|
|
message FlowFields {
|
|
|
|
|
// Unique client flow session identifier
|
|
|
|
|
bytes flow_id = 1;
|
|
|
|
|
|
|
|
|
|
// Flow type
|
|
|
|
|
Type type = 2;
|
|
|
|
|
|
|
|
|
|
// RuleId identifies the rule that allowed or denied the connection
|
|
|
|
|
bytes rule_id = 3;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// Initiating traffic direction
|
2025-03-04 16:43:07 +01:00
|
|
|
Direction direction = 4;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// IP protocol number
|
2025-03-04 16:43:07 +01:00
|
|
|
uint32 protocol = 5;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// Source IP address
|
2025-03-04 16:43:07 +01:00
|
|
|
bytes source_ip = 6;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// Destination IP address
|
2025-03-04 16:43:07 +01:00
|
|
|
bytes dest_ip = 7;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// Layer 4 -specific information
|
|
|
|
|
oneof connection_info {
|
|
|
|
|
// TCP/UDP port information
|
2025-03-04 16:43:07 +01:00
|
|
|
PortInfo port_info = 8;
|
2025-02-27 12:29:50 +01:00
|
|
|
|
|
|
|
|
// ICMP type and code
|
2025-03-04 16:43:07 +01:00
|
|
|
ICMPInfo icmp_info = 9;
|
2025-02-27 12:29:50 +01:00
|
|
|
}
|
2025-03-04 16:46:03 +01:00
|
|
|
|
|
|
|
|
// Number of packets
|
|
|
|
|
uint64 rx_packets = 10;
|
|
|
|
|
uint64 tx_packets = 11;
|
|
|
|
|
|
|
|
|
|
// Number of bytes
|
|
|
|
|
uint64 rx_bytes = 12;
|
|
|
|
|
uint64 tx_bytes = 13;
|
2025-02-27 12:29:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Flow event types
|
|
|
|
|
enum Type {
|
|
|
|
|
TYPE_UNKNOWN = 0;
|
|
|
|
|
TYPE_START = 1;
|
|
|
|
|
TYPE_END = 2;
|
2025-02-28 20:04:59 +01:00
|
|
|
TYPE_DROP = 3;
|
2025-02-27 12:29:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Flow direction
|
|
|
|
|
enum Direction {
|
|
|
|
|
DIRECTION_UNKNOWN = 0;
|
|
|
|
|
INGRESS = 1;
|
|
|
|
|
EGRESS = 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TCP/UDP port information
|
|
|
|
|
message PortInfo {
|
|
|
|
|
uint32 source_port = 1;
|
|
|
|
|
uint32 dest_port = 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ICMP message information
|
|
|
|
|
message ICMPInfo {
|
|
|
|
|
uint32 icmp_type = 1;
|
|
|
|
|
uint32 icmp_code = 2;
|
|
|
|
|
}
|
