Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/pages/en/display_filters.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ http # HTTP traffic
dns # DNS traffic
redis # Redis traffic
kafka # Kafka traffic
mysql # MySQL traffic
postgresql # PostgreSQL traffic
tls # TLS/encrypted traffic
```

Expand Down
2 changes: 1 addition & 1 deletion src/pages/en/mcp/l7_tools.md
Original file line number Diff line number Diff line change
Expand Up @@ -363,7 +363,7 @@ See [KFL2 Documentation](/en/v2/kfl2) for full syntax.
| `ts` | int64 | Timestamp (Unix ms) |
| `src` | Endpoint | Source endpoint |
| `dst` | Endpoint | Destination endpoint |
| `proto` | string | Protocol: `http`, `grpc`, `redis`, etc. |
| `proto` | string | Protocol: `http`, `grpc`, `redis`, `mysql`, `postgresql`, etc. |
| `method` | string | HTTP method or RPC name |
| `path` | string | Request path |
| `status` | int | Response status code |
Expand Down
7 changes: 7 additions & 0 deletions src/pages/en/protocols.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,13 @@ Kubeshark supports a comprehensive range of network protocols across multiple la
| [WebSocket](https://datatracker.ietf.org/doc/html/rfc6455) | RFC 6455 | Full-duplex communication over HTTP |
| [GraphQL](https://graphql.org/learn/serving-over-http/) | HTTP/1.1 & HTTP/2 | Query language for APIs |

### Database Protocols

| Protocol | Description |
|----------|-------------|
| [MySQL](https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_basics.html) | MySQL wire protocol (COM_QUERY, COM_STMT_PREPARE, COM_INIT_DB) |
| [PostgreSQL](https://www.postgresql.org/docs/current/protocol.html) | PostgreSQL wire protocol (Simple Query and Extended Query) |

### Messaging & Streaming

| Protocol | Description |
Expand Down
54 changes: 52 additions & 2 deletions src/pages/en/v2/kfl2.md
Original file line number Diff line number Diff line change
Expand Up @@ -165,8 +165,10 @@ Boolean variables that indicate which protocol was detected. Use these as the fi
| `sctp` | SCTP | `gql` | GraphQL (v1 + v2) |
| `icmp` | ICMP | `gqlv1` / `gqlv2` | GraphQL version-specific |
| `grpc` | gRPC over HTTP/2 | `conn` / `flow` | L4 connection/flow tracking |
| `radius` | RADIUS | `tcp_conn` / `udp_conn` | Transport-specific connections |
| `diameter` | Diameter | `tcp_flow` / `udp_flow` | Transport-specific flows |
| `mysql` | MySQL | `tcp_conn` / `udp_conn` | Transport-specific connections |
| `postgresql` | PostgreSQL | `tcp_flow` / `udp_flow` | Transport-specific flows |
| `radius` | RADIUS | | |
| `diameter` | Diameter | | |

### Identity and Metadata Variables

Expand Down Expand Up @@ -226,6 +228,36 @@ gRPC traffic is detected as a sub-protocol of HTTP/2. When `grpc` is true, all H
| `grpc_method` | string | gRPC method name extracted from the `:path` trailing segment (e.g. `/helloworld.Greeter/SayHello` → `SayHello`) |
| `grpc_status` | int | gRPC status code from the `Grpc-Status` response header/trailer (defaults to `0` / OK when absent) |

### MySQL Variables

| Variable | Type | Description |
|----------|------|-------------|
| `mysql_command` | string | MySQL command name (COM_QUERY, COM_STMT_PREPARE, COM_INIT_DB) |
| `mysql_query` | string | SQL query text |
| `mysql_database` | string | Database name |
| `mysql_statement_id` | int | Prepared statement identifier |
| `mysql_request_size` | int | Request size in bytes |
| `mysql_response_size` | int | Response size in bytes |
| `mysql_total_size` | int | Sum of request + response sizes |
| `mysql_success` | bool | True if response is OK (not ERR) |
| `mysql_error_code` | int | MySQL error code |
| `mysql_error_message` | string | MySQL error message text |

### PostgreSQL Variables

| Variable | Type | Description |
|----------|------|-------------|
| `postgresql_command` | string | Command tag (Query, Parse, Bind, Execute) |
| `postgresql_query` | string | SQL query text |
| `postgresql_database` | string | Database name |
| `postgresql_user` | string | Username |
| `postgresql_request_size` | int | Request size in bytes |
| `postgresql_response_size` | int | Response size in bytes |
| `postgresql_total_size` | int | Sum of request + response sizes |
| `postgresql_success` | bool | True if no ErrorResponse |
| `postgresql_error_code` | string | SQLSTATE error code |
| `postgresql_error_message` | string | Error message text |

### DNS Variables

| Variable | Type | Description |
Expand Down Expand Up @@ -546,6 +578,24 @@ dst.dns != "" && !dst.dns.endsWith(".internal")
### Database and Messaging Filtering

```cel
# MySQL queries
mysql && mysql_command == "COM_QUERY"

# MySQL queries to a specific database
mysql && mysql_database == "orders"

# Failed MySQL queries
mysql && !mysql_success

# PostgreSQL queries
postgresql && postgresql_command == "Query"

# PostgreSQL errors by SQLSTATE code
postgresql && postgresql_error_code != ""

# PostgreSQL queries by user
postgresql && postgresql_user == "app_service"

# Redis GET commands
redis && redis_type == "GET"

Expand Down