fix the logs

Author: zonblade

router-api/src/module/ai_security/thread_xgboost.rs

@@ -11,27 +11,99 @@ use std::sync::mpsc::Receiver;
 /// Represents a parsed ML feature log for inference
 #[derive(Debug, Clone)]
 pub struct MlFeatureLog {
+    // Identification
     pub conn_id: String,
+
+    // Timing
     pub duration_ms: f32,
+
+    // HTTP
+    pub http_status: f32,
+    pub http_method: String,
+    pub protocol: String,
+
+    // Size metrics
+    pub size_in: f32,
+    pub size_out: f32,
+
+    // TCP metrics (10 fields)
     pub tcp_rtt: f32,
     pub tcp_retrans: f32,
     pub tcp_lost: f32,
-    pub http_status: f32,
-    // Add more features as needed to match your 43 features
+    pub tcp_send_wnd: f32,
+    pub tcp_recv_wnd: f32,
+    pub tcp_send_mss: f32,
+    pub tcp_recv_mss: f32,
+    pub tcp_bytes_acked: f32,
+    pub tcp_segs_in: f32,
+    pub tcp_segs_out: f32,
+
+    // TLS
+    pub tls_version: String,
+
+    // Network
+    pub client_ip: String,
+    pub client_port: f32,
+    pub server_ip: String,
+    pub server_port: f32,
 }
 
 impl MlFeatureLog {
     /// Converts the log into a feature vector for model inference
     pub fn to_feature_vector(&self) -> Vec<f32> {
         vec![
             self.duration_ms,
+            self.http_status,
+            self.size_in,
+            self.size_out,
             self.tcp_rtt,
             self.tcp_retrans,
             self.tcp_lost,
-            self.http_status,
-            // Add all 43 features here in the correct order
+            self.tcp_send_wnd,
+            self.tcp_recv_wnd,
+            self.tcp_send_mss,
+            self.tcp_recv_mss,
+            self.tcp_bytes_acked,
+            self.tcp_segs_in,
+            self.tcp_segs_out,
+            self.client_port,
+            self.server_port,
+            self.encode_protocol(),
+            self.encode_method(),
+            self.encode_tls(),
         ]
     }
+
+    fn encode_protocol(&self) -> f32 {
+        match self.protocol.as_str() {
+            "HTTP/1.0" => 0.0,
+            "HTTP/1.1" => 1.0,
+            "HTTP/2" => 2.0,
+            "HTTP/3" => 3.0,
+            _ => 0.0,
+        }
+    }
+
+    fn encode_method(&self) -> f32 {
+        match self.http_method.as_str() {
+            "GET" => 0.0,
+            "POST" => 1.0,
+            "PUT" => 2.0,
+            "DELETE" => 3.0,
+            "PATCH" => 4.0,
+            "HEAD" => 5.0,
+            "OPTIONS" => 6.0,
+            _ => 7.0,
+        }
+    }
+
+    fn encode_tls(&self) -> f32 {
+        if self.tls_version == "-" || self.tls_version.is_empty() {
+            0.0
+        } else {
+            1.0
+        }
+    }
 }
 
 /// XGBoost thread handler that processes ML logs and runs inference

router-api/src/module/memory_log/logging/gateway.rs

@@ -152,6 +152,20 @@ async fn process_batch(
         let mut tcp_rtt: u32 = 0;
         let mut tcp_retrans: u32 = 0;
         let mut tcp_lost: u32 = 0;
+        let mut protocol = String::new();
+        let mut http_method = String::new();
+        let mut tcp_send_wnd: u32 = 0;
+        let mut tcp_recv_wnd: u32 = 0;
+        let mut tcp_send_mss: u32 = 0;
+        let mut tcp_recv_mss: u32 = 0;
+        let mut tcp_bytes_acked: u64 = 0;
+        let mut tcp_segs_in: u32 = 0;
+        let mut tcp_segs_out: u32 = 0;
+        let mut tls_version = String::new();
+        let mut client_ip = String::new();
+        let mut client_port: u16 = 0;
+        let mut server_ip = String::new();
+        let mut server_port: u16 = 0;
 
         // Direct field extraction
         for field in message_inner.split(',') {
@@ -178,13 +192,35 @@ async fn process_batch(
                     "TCP_RTT" if ai_enabled => tcp_rtt = value.parse().unwrap_or(0),
                     "TCP_RETRANS" if ai_enabled => tcp_retrans = value.parse().unwrap_or(0),
                     "TCP_LOST" if ai_enabled => tcp_lost = value.parse().unwrap_or(0),
+                    "PROTO" if ai_enabled => protocol = value.to_string(),
+                    "METHOD" if ai_enabled => http_method = value.to_string(),
+                    "TCP_SND_WND" if ai_enabled => tcp_send_wnd = value.parse().unwrap_or(0),
+                    "TCP_RCV_WND" if ai_enabled => tcp_recv_wnd = value.parse().unwrap_or(0),
+                    "TCP_SND_MSS" if ai_enabled => tcp_send_mss = value.parse().unwrap_or(0),
+                    "TCP_RCV_MSS" if ai_enabled => tcp_recv_mss = value.parse().unwrap_or(0),
+                    "TCP_BYTES_ACKED" if ai_enabled => tcp_bytes_acked = value.parse().unwrap_or(0),
+                    "TCP_SEGS_IN" if ai_enabled => tcp_segs_in = value.parse().unwrap_or(0),
+                    "TCP_SEGS_OUT" if ai_enabled => tcp_segs_out = value.parse().unwrap_or(0),
+                    "TLS_VER" if ai_enabled => tls_version = value.to_string(),
+                    "CLIENT" if ai_enabled => {
+                        if let Some((ip, port)) = value.rsplit_once(':') {
+                            client_ip = ip.to_string();
+                            client_port = port.parse().unwrap_or(0);
+                        }
+                    },
+                    "SERVER" if ai_enabled => {
+                        if let Some((ip, port)) = value.rsplit_once(':') {
+                            server_ip = ip.to_string();
+                            server_port = port.parse().unwrap_or(0);
+                        }
+                    },
 
-                    // Skip ML fields when disabled (zero overhead)
-                    "DUR" | "PROTO" | "METHOD" |
-                    "TCP_RTT" | "TCP_RETRANS" | "TCP_LOST" |
-                    "TCP_SND_WND" | "TCP_RCV_WND" | "TCP_SND_MSS" | "TCP_RCV_MSS" |
-                    "TCP_BYTES_ACKED" | "TCP_SEGS_IN" | "TCP_SEGS_OUT" |
-                    "TLS_VER" | "CLIENT" | "SERVER" => {},
+                    // All ML fields are now parsed above when ai_enabled
+                    _ if !ai_enabled && matches!(*key, "DUR" | "PROTO" | "METHOD" |
+                        "TCP_RTT" | "TCP_RETRANS" | "TCP_LOST" |
+                        "TCP_SND_WND" | "TCP_RCV_WND" | "TCP_SND_MSS" | "TCP_RCV_MSS" |
+                        "TCP_BYTES_ACKED" | "TCP_SEGS_IN" | "TCP_SEGS_OUT" |
+                        "TLS_VER" | "CLIENT" | "SERVER") => {},
 
                     _ => {} // Ignore unknown fields
                 }
@@ -228,10 +264,26 @@ async fn process_batch(
             let ml_log = MlFeatureLog {
                 conn_id: conn_id.clone(),
                 duration_ms,
+                http_status: status_code as f32,
+                http_method,
+                protocol,
+                size_in: bytes_in as f32,
+                size_out: bytes_out as f32,
                 tcp_rtt: tcp_rtt as f32,
                 tcp_retrans: tcp_retrans as f32,
                 tcp_lost: tcp_lost as f32,
-                http_status: status_code as f32,
+                tcp_send_wnd: tcp_send_wnd as f32,
+                tcp_recv_wnd: tcp_recv_wnd as f32,
+                tcp_send_mss: tcp_send_mss as f32,
+                tcp_recv_mss: tcp_recv_mss as f32,
+                tcp_bytes_acked: tcp_bytes_acked as f32,
+                tcp_segs_in: tcp_segs_in as f32,
+                tcp_segs_out: tcp_segs_out as f32,
+                tls_version,
+                client_ip,
+                client_port: client_port as f32,
+                server_ip,
+                server_port: server_port as f32,
             };
             ai_security::send_to_inference(ml_log);
         }

router-core/src/app/gateway_fast.rs

@@ -642,15 +642,19 @@ impl ProxyHttp for GatewayApp {
             // Socket addresses
             if let Some(socket_digest) = &digest.socket_digest {
                 if let Some(peer_addr) = socket_digest.peer_addr() {
-                    // Convert entire address to string, parse later if needed
                     let addr_str = peer_addr.to_string();
-                    _ctx.client_ip = Some(addr_str.clone());
-                    _ctx.client_port = None; // Parse from addr_str if needed
+                    // Use rsplit_once to handle IPv6 addresses like [::1]:8080
+                    if let Some((ip, port)) = addr_str.rsplit_once(':') {
+                        _ctx.client_ip = Some(ip.to_string());
+                        _ctx.client_port = port.parse().ok();
+                    }
                 }
                 if let Some(local_addr) = socket_digest.local_addr() {
                     let addr_str = local_addr.to_string();
-                    _ctx.server_ip = Some(addr_str.clone());
-                    _ctx.server_port = None; // Parse from addr_str if needed
+                    if let Some((ip, port)) = addr_str.rsplit_once(':') {
+                        _ctx.server_ip = Some(ip.to_string());
+                        _ctx.server_port = port.parse().ok();
+                    }
                 }
 
                 // TCP_INFO (Linux only)