diff --git a/src/pages/en/display_filters.md b/src/pages/en/display_filters.md index 1e7f9d8..60832e3 100644 --- a/src/pages/en/display_filters.md +++ b/src/pages/en/display_filters.md @@ -69,6 +69,8 @@ http # HTTP traffic dns # DNS traffic redis # Redis traffic kafka # Kafka traffic +mysql # MySQL traffic +postgresql # PostgreSQL traffic tls # TLS/encrypted traffic ``` diff --git a/src/pages/en/mcp/l7_tools.md b/src/pages/en/mcp/l7_tools.md index ff696d3..a4600a3 100644 --- a/src/pages/en/mcp/l7_tools.md +++ b/src/pages/en/mcp/l7_tools.md @@ -363,7 +363,7 @@ See [KFL2 Documentation](/en/v2/kfl2) for full syntax. | `ts` | int64 | Timestamp (Unix ms) | | `src` | Endpoint | Source endpoint | | `dst` | Endpoint | Destination endpoint | -| `proto` | string | Protocol: `http`, `grpc`, `redis`, etc. | +| `proto` | string | Protocol: `http`, `grpc`, `redis`, `mysql`, `postgresql`, etc. | | `method` | string | HTTP method or RPC name | | `path` | string | Request path | | `status` | int | Response status code | diff --git a/src/pages/en/protocols.md b/src/pages/en/protocols.md index 230dc55..65cde9f 100644 --- a/src/pages/en/protocols.md +++ b/src/pages/en/protocols.md @@ -21,6 +21,13 @@ Kubeshark supports a comprehensive range of network protocols across multiple la | [WebSocket](https://datatracker.ietf.org/doc/html/rfc6455) | RFC 6455 | Full-duplex communication over HTTP | | [GraphQL](https://graphql.org/learn/serving-over-http/) | HTTP/1.1 & HTTP/2 | Query language for APIs | +### Database Protocols + +| Protocol | Description | +|----------|-------------| +| [MySQL](https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_basics.html) | MySQL wire protocol (COM_QUERY, COM_STMT_PREPARE, COM_INIT_DB) | +| [PostgreSQL](https://www.postgresql.org/docs/current/protocol.html) | PostgreSQL wire protocol (Simple Query and Extended Query) | + ### Messaging & Streaming | Protocol | Description | diff --git a/src/pages/en/v2/kfl2.md b/src/pages/en/v2/kfl2.md index 316585f..29806c4 100644 --- a/src/pages/en/v2/kfl2.md +++ b/src/pages/en/v2/kfl2.md @@ -165,8 +165,10 @@ Boolean variables that indicate which protocol was detected. Use these as the fi | `sctp` | SCTP | `gql` | GraphQL (v1 + v2) | | `icmp` | ICMP | `gqlv1` / `gqlv2` | GraphQL version-specific | | `grpc` | gRPC over HTTP/2 | `conn` / `flow` | L4 connection/flow tracking | -| `radius` | RADIUS | `tcp_conn` / `udp_conn` | Transport-specific connections | -| `diameter` | Diameter | `tcp_flow` / `udp_flow` | Transport-specific flows | +| `mysql` | MySQL | `tcp_conn` / `udp_conn` | Transport-specific connections | +| `postgresql` | PostgreSQL | `tcp_flow` / `udp_flow` | Transport-specific flows | +| `radius` | RADIUS | | | +| `diameter` | Diameter | | | ### Identity and Metadata Variables @@ -226,6 +228,36 @@ gRPC traffic is detected as a sub-protocol of HTTP/2. When `grpc` is true, all H | `grpc_method` | string | gRPC method name extracted from the `:path` trailing segment (e.g. `/helloworld.Greeter/SayHello` → `SayHello`) | | `grpc_status` | int | gRPC status code from the `Grpc-Status` response header/trailer (defaults to `0` / OK when absent) | +### MySQL Variables + +| Variable | Type | Description | +|----------|------|-------------| +| `mysql_command` | string | MySQL command name (COM_QUERY, COM_STMT_PREPARE, COM_INIT_DB) | +| `mysql_query` | string | SQL query text | +| `mysql_database` | string | Database name | +| `mysql_statement_id` | int | Prepared statement identifier | +| `mysql_request_size` | int | Request size in bytes | +| `mysql_response_size` | int | Response size in bytes | +| `mysql_total_size` | int | Sum of request + response sizes | +| `mysql_success` | bool | True if response is OK (not ERR) | +| `mysql_error_code` | int | MySQL error code | +| `mysql_error_message` | string | MySQL error message text | + +### PostgreSQL Variables + +| Variable | Type | Description | +|----------|------|-------------| +| `postgresql_command` | string | Command tag (Query, Parse, Bind, Execute) | +| `postgresql_query` | string | SQL query text | +| `postgresql_database` | string | Database name | +| `postgresql_user` | string | Username | +| `postgresql_request_size` | int | Request size in bytes | +| `postgresql_response_size` | int | Response size in bytes | +| `postgresql_total_size` | int | Sum of request + response sizes | +| `postgresql_success` | bool | True if no ErrorResponse | +| `postgresql_error_code` | string | SQLSTATE error code | +| `postgresql_error_message` | string | Error message text | + ### DNS Variables | Variable | Type | Description | @@ -546,6 +578,24 @@ dst.dns != "" && !dst.dns.endsWith(".internal") ### Database and Messaging Filtering ```cel +# MySQL queries +mysql && mysql_command == "COM_QUERY" + +# MySQL queries to a specific database +mysql && mysql_database == "orders" + +# Failed MySQL queries +mysql && !mysql_success + +# PostgreSQL queries +postgresql && postgresql_command == "Query" + +# PostgreSQL errors by SQLSTATE code +postgresql && postgresql_error_code != "" + +# PostgreSQL queries by user +postgresql && postgresql_user == "app_service" + # Redis GET commands redis && redis_type == "GET"