Available on crate feature
alloc only.Expand description
Stable binary codec for serialising audit records to bytes.
Requires the alloc feature. std-gated readers and sinks
(crate::FileSink, crate::FileReader) use this codec under the
hood.
§Stability promise
The byte layout defined here is stable. Changing it is a breaking
change to any on-disk audit log. The format embeds a one-byte version
(FORMAT_VERSION) so future incompatible formats can coexist by
bumping it.
§File layout
┌────────────────────────────────────────────────────────────────┐
│ FILE HEADER (16 bytes) │
├────────────────────────────────────────────────────────────────┤
│ 0..8 "AUDTRAIL" magic │
│ 8 format version (currently 0x01) │
│ 9..16 reserved, zero │
├────────────────────────────────────────────────────────────────┤
│ RECORD FRAME (one per record, repeated) │
├────────────────────────────────────────────────────────────────┤
│ 0..4 record body length (u32 big-endian) │
│ 4.. record body │
└────────────────────────────────────────────────────────────────┘§Record body layout
0..8 id u64 big-endian
8..16 timestamp u64 big-endian (nanoseconds since Unix epoch)
16 outcome u8
17..49 prev_hash 32 bytes
49..81 hash 32 bytes
81..85 actor_len u32 big-endian
85.. actor UTF-8 bytes
... action_len u32 big-endian
... action UTF-8 bytes
... target_len u32 big-endian
... target UTF-8 bytesConstants§
- FILE_
HEADER_ LEN - Length of the file header in bytes.
- FORMAT_
MAGIC - File-format magic bytes. Appear at the start of every chain file.
- FORMAT_
VERSION - Current file-format version.
Functions§
- decode_
record - Decode a single length-prefixed record frame from the front of
bytes. Returns the decoded record plus the number of bytes consumed. - encode_
record - Encode
recordinto a length-prefixed frame appended toout. - verify_
file_ header - Verify that
bytesbegins with a valid file header. - write_
file_ header - Write the file header into
out.