tailscale/types/netlogtype/netlogtype.go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

// Package netlogtype defines types for network logging.
package netlogtype

import (
	"net/netip"
	"time"

	"tailscale.com/tailcfg"
	"tailscale.com/types/ipproto"
)

// Message is the log message that captures network traffic.
type Message struct {
	NodeID tailcfg.StableNodeID `json:"nodeId"` // e.g., "n123456CNTRL"

	Start time.Time `json:"start"` // inclusive
	End   time.Time `json:"end"`   // inclusive

	VirtualTraffic  []ConnectionCounts `json:"virtualTraffic,omitempty"`
	SubnetTraffic   []ConnectionCounts `json:"subnetTraffic,omitempty"`
	ExitTraffic     []ConnectionCounts `json:"exitTraffic,omitempty"`
	PhysicalTraffic []ConnectionCounts `json:"physicalTraffic,omitempty"`
}

const (
	messageJSON      = `{"nodeId":"n0123456789abcdefCNTRL",` + maxJSONTimeRange + `,` + minJSONTraffic + `}`
	maxJSONTimeRange = `"start":` + maxJSONRFC3339 + `,"end":` + maxJSONRFC3339
	maxJSONRFC3339   = `"0001-01-01T00:00:00.000000000Z"`
	minJSONTraffic   = `"virtualTraffic":{},"subnetTraffic":{},"exitTraffic":{},"physicalTraffic":{}`

	// MaxMessageJSONSize is the overhead size of Message when it is
	// serialized as JSON assuming that each traffic map is populated.
	MaxMessageJSONSize = len(messageJSON)

	maxJSONConnCounts = `{` + maxJSONConn + `,` + maxJSONCounts + `}`
	maxJSONConn       = `"proto":` + maxJSONProto + `,"src":` + maxJSONAddrPort + `,"dst":` + maxJSONAddrPort
	maxJSONProto      = `255`
	maxJSONAddrPort   = `"[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535"`
	maxJSONCounts     = `"txPkts":` + maxJSONCount + `,"txBytes":` + maxJSONCount + `,"rxPkts":` + maxJSONCount + `,"rxBytes":` + maxJSONCount
	maxJSONCount      = `18446744073709551615`

	// MaxConnectionCountsJSONSize is the maximum size of a ConnectionCounts
	// when it is serialized as JSON, assuming no superfluous whitespace.
	// It does not include the trailing comma that often appears when
	// this object is nested within an array.
	// It assumes that netip.Addr never has IPv6 zones.
	MaxConnectionCountsJSONSize = len(maxJSONConnCounts)
)

// ConnectionCounts is a flattened struct of both a connection and counts.
type ConnectionCounts struct {
	Connection
	Counts
}

// Connection is a 5-tuple of proto, source and destination IP and port.
type Connection struct {
	Proto ipproto.Proto  `json:"proto,omitzero"`
	Src   netip.AddrPort `json:"src,omitzero"`
	Dst   netip.AddrPort `json:"dst,omitzero"`
}

func (c Connection) IsZero() bool { return c == Connection{} }

// Counts are statistics about a particular connection.
type Counts struct {
	TxPackets uint64 `json:"txPkts,omitzero"`
	TxBytes   uint64 `json:"txBytes,omitzero"`
	RxPackets uint64 `json:"rxPkts,omitzero"`
	RxBytes   uint64 `json:"rxBytes,omitzero"`
}

func (c Counts) IsZero() bool { return c == Counts{} }

// Add adds the counts from both c1 and c2.
func (c1 Counts) Add(c2 Counts) Counts {
	c1.TxPackets += c2.TxPackets
	c1.TxBytes += c2.TxBytes
	c1.RxPackets += c2.RxPackets
	c1.RxBytes += c2.RxBytes
	return c1
}
all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com> 2023-01-27 13:37:20 -08:00			`// Copyright (c) Tailscale Inc & AUTHORS`
			`// SPDX-License-Identifier: BSD-3-Clause`
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00
			`// Package netlogtype defines types for network logging.`
			`package netlogtype`

			`import (`
			`"net/netip"`
			`"time"`

wgengine/netlog: embed the StableNodeID of the authoring node (#6105) This allows network messages to be annotated with which node it came from. Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-28 10:09:30 -07:00			`"tailscale.com/tailcfg"`
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00			`"tailscale.com/types/ipproto"`
			`)`

			`// Message is the log message that captures network traffic.`
			`type Message struct {`
types/netlogtype: remove CBOR representation (#17545) Remove CBOR representation since it was never used. We should support CBOR in the future, but for remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2025-10-15 14:04:45 -07:00			NodeID tailcfg.StableNodeID `json:"nodeId"` // e.g., "n123456CNTRL"
wgengine/netlog: embed the StableNodeID of the authoring node (#6105) This allows network messages to be annotated with which node it came from. Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-28 10:09:30 -07:00
types/netlogtype: remove CBOR representation (#17545) Remove CBOR representation since it was never used. We should support CBOR in the future, but for remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2025-10-15 14:04:45 -07:00			Start time.Time `json:"start"` // inclusive
			End time.Time `json:"end"` // inclusive
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00
types/netlogtype: remove CBOR representation (#17545) Remove CBOR representation since it was never used. We should support CBOR in the future, but for remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2025-10-15 14:04:45 -07:00			VirtualTraffic []ConnectionCounts `json:"virtualTraffic,omitempty"`
			SubnetTraffic []ConnectionCounts `json:"subnetTraffic,omitempty"`
			ExitTraffic []ConnectionCounts `json:"exitTraffic,omitempty"`
			PhysicalTraffic []ConnectionCounts `json:"physicalTraffic,omitempty"`
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00			`}`

types/netlogtype: add constants for maximum serialized sizes of ConnectionCounts (#6163) There is a finite limit to the maximum message size that logtail can upload. We need to make sure network logging messages remain under this size. These constants allow us to compute the maximum number of ConnectionCounts we can buffer before we must flush. Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-11-09 15:50:07 -08:00			`const (`
net/connstats: enforce maximum number of connections (#6760) The Tailscale logging service has a hard limit on the maximum log message size that can be accepted. We want to ensure that netlog messages never exceed this limit otherwise a client cannot transmit logs. Move the goroutine for periodically dumping netlog messages from wgengine/netlog to net/connstats. This allows net/connstats to manage when it dumps messages, either based on time or by size. Updates tailscale/corp#8427 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-12-16 10:14:00 -08:00			messageJSON = `{"nodeId":"n0123456789abcdefCNTRL",` + maxJSONTimeRange + `,` + minJSONTraffic + `}`
			maxJSONTimeRange = `"start":` + maxJSONRFC3339 + `,"end":` + maxJSONRFC3339
			maxJSONRFC3339 = `"0001-01-01T00:00:00.000000000Z"`
			minJSONTraffic = `"virtualTraffic":{},"subnetTraffic":{},"exitTraffic":{},"physicalTraffic":{}`

			`// MaxMessageJSONSize is the overhead size of Message when it is`
			`// serialized as JSON assuming that each traffic map is populated.`
			`MaxMessageJSONSize = len(messageJSON)`

types/netlogtype: add constants for maximum serialized sizes of ConnectionCounts (#6163) There is a finite limit to the maximum message size that logtail can upload. We need to make sure network logging messages remain under this size. These constants allow us to compute the maximum number of ConnectionCounts we can buffer before we must flush. Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-11-09 15:50:07 -08:00			maxJSONConnCounts = `{` + maxJSONConn + `,` + maxJSONCounts + `}`
			maxJSONConn = `"proto":` + maxJSONProto + `,"src":` + maxJSONAddrPort + `,"dst":` + maxJSONAddrPort
			maxJSONProto = `255`
			maxJSONAddrPort = `"[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]:65535"`
			maxJSONCounts = `"txPkts":` + maxJSONCount + `,"txBytes":` + maxJSONCount + `,"rxPkts":` + maxJSONCount + `,"rxBytes":` + maxJSONCount
			maxJSONCount = `18446744073709551615`

			`// MaxConnectionCountsJSONSize is the maximum size of a ConnectionCounts`
			`// when it is serialized as JSON, assuming no superfluous whitespace.`
			`// It does not include the trailing comma that often appears when`
			`// this object is nested within an array.`
			`// It assumes that netip.Addr never has IPv6 zones.`
			`MaxConnectionCountsJSONSize = len(maxJSONConnCounts)`
			`)`

types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00			`// ConnectionCounts is a flattened struct of both a connection and counts.`
			`type ConnectionCounts struct {`
			`Connection`
			`Counts`
			`}`

			`// Connection is a 5-tuple of proto, source and destination IP and port.`
			`type Connection struct {`
types/netlogtype: remove CBOR representation (#17545) Remove CBOR representation since it was never used. We should support CBOR in the future, but for remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2025-10-15 14:04:45 -07:00			Proto ipproto.Proto `json:"proto,omitzero"`
			Src netip.AddrPort `json:"src,omitzero"`
			Dst netip.AddrPort `json:"dst,omitzero"`
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00			`}`

			`func (c Connection) IsZero() bool { return c == Connection{} }`

			`// Counts are statistics about a particular connection.`
			`type Counts struct {`
types/netlogtype: remove CBOR representation (#17545) Remove CBOR representation since it was never used. We should support CBOR in the future, but for remove it for now so that it is less work to add more fields. Also, rely on just omitzero for JSON now that it is supported in Go 1.24. Updates tailscale/corp#33352 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2025-10-15 14:04:45 -07:00			TxPackets uint64 `json:"txPkts,omitzero"`
			TxBytes uint64 `json:"txBytes,omitzero"`
			RxPackets uint64 `json:"rxPkts,omitzero"`
			RxBytes uint64 `json:"rxBytes,omitzero"`
types/netlogtype: new package for network logging types (#6092) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: https://github.com/dominikh/go-tools/commit/003d277bcf3bcc320b9fddf720cd0d49e0bfb782 Signed-off-by: Joe Tsai <joetsai@digital-static.net> 2022-10-27 14:14:18 -07:00			`}`

			`func (c Counts) IsZero() bool { return c == Counts{} }`

			`// Add adds the counts from both c1 and c2.`
			`func (c1 Counts) Add(c2 Counts) Counts {`
			`c1.TxPackets += c2.TxPackets`
			`c1.TxBytes += c2.TxBytes`
			`c1.RxPackets += c2.RxPackets`
			`c1.RxBytes += c2.RxBytes`
			`return c1`
			`}`