Skip to content

Commit

Permalink
Implement request #485 in sfcapd to store nat IP/port for sflow recor…
Browse files Browse the repository at this point in the history 
…ds if available
  • Loading branch information
@phaag
phaag committed Dec 3, 2023
1 parent 042e68b commit 295f514
Show file tree
Hide file tree
Showing 3 changed files with 244 additions and 199 deletions.
41 changes: 41 additions & 0 deletions src/sflow/sflow_nfdump.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,15 @@ void StoreSflowRecord(SFSample *sample, FlowSource_t *fs) {
recordSize += EXbgpNextHopV6Size;
}

if ((sample->extended_data_tag & SASAMPLE_EXTENDED_DATA_NAT) != 0) {
if (sample->nat_src.type == SFLADDRESSTYPE_IP_V4) {
recordSize += (EXnselXlateIPv4Size + EXnselXlatePortSize);
}
if (sample->nat_src.type == SFLADDRESSTYPE_IP_V6) {
recordSize += (EXnselXlateIPv6Size + EXnselXlatePortSize);
}
}

if (fs->sa_family == AF_INET6) {
recordSize += EXipReceivedV6Size;
} else {
Expand Down Expand Up @@ -349,6 +358,38 @@ void StoreSflowRecord(SFSample *sample, FlowSource_t *fs) {
}
}

if ((sample->extended_data_tag & SASAMPLE_EXTENDED_DATA_NAT) != 0) {
switch (sample->nat_src.type) {
case SFLADDRESSTYPE_IP_V4:
dbg_printf("NAT v4 addr\n");
PushExtension(recordHeader, EXnselXlateIPv4, nselXlateIPv4);
nselXlateIPv4->xlateSrcAddr = ntohl(sample->nat_src.address.ip_v4.addr);
nselXlateIPv4->xlateDstAddr = ntohl(sample->nat_dst.address.ip_v4.addr);

PushExtension(recordHeader, EXnselXlatePort, nselXlatePort);
nselXlatePort->xlateSrcPort = sample->nat_src_port;
nselXlatePort->xlateDstPort = sample->nat_dst_port;
break;
case SFLADDRESSTYPE_IP_V6: {
dbg_printf("NAT v6 addr\n");
PushExtension(recordHeader, EXnselXlateIPv6, nselXlateIPv6);
uint64_t *addr = (void *)sample->nat_src.address.ip_v6.addr;
nselXlateIPv6->xlateSrcAddr[0] = ntohll(addr[0]);
nselXlateIPv6->xlateSrcAddr[1] = ntohll(addr[1]);
addr = (void *)sample->nat_dst.address.ip_v6.addr;
nselXlateIPv6->xlateDstAddr[0] = ntohll(addr[0]);
nselXlateIPv6->xlateDstAddr[1] = ntohll(addr[1]);

PushExtension(recordHeader, EXnselXlatePort, nselXlatePort);
nselXlatePort->xlateSrcPort = sample->nat_src_port;
nselXlatePort->xlateDstPort = sample->nat_dst_port;
} break;
default:
/* undefined address type - bail out */
LogError("SFLOW: getAddress() unknown address type = %d\n", sample->nat_src.type);
}
}

// add router IP
if (fs->sa_family == PF_INET6) {
PushExtension(recordHeader, EXipReceivedV6, ipReceivedV6);
Expand Down
8 changes: 5 additions & 3 deletions src/sflow/sflow_process.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017-2021, Peter Haag
* Copyright (c) 2017-2023, Peter Haag
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Expand Down Expand Up @@ -1269,8 +1269,10 @@ static void readExtendedNat(SFSample *sample) {

static void readExtendedNatPort(SFSample *sample) {
dbg_printf("extendedType NAT PORT\n");
sf_log_next32(sample, "nat_src_port");
sf_log_next32(sample, "nat_dst_port");
sample->nat_src_port = getData32(sample);
sample->nat_dst_port = getData32(sample);
dbg_printf("nat_src_port: %u\n", sample->nat_src_port);
dbg_printf("nat_dst_port: %u\n", sample->nat_dst_port);
}

/*_________________---------------------------__________________
Expand Down
Loading

0 comments on commit 295f514

Please sign in to comment.