Skip to content

Commit

Permalink
feat(inputs.netflow): Add support for IPFIX option packets (#15314)
Browse files Browse the repository at this point in the history
  • Loading branch information
srebhan authored May 10, 2024
1 parent e389b7b commit bf0c8e8
Show file tree
Hide file tree
Showing 13 changed files with 158 additions and 0 deletions.
28 changes: 28 additions & 0 deletions plugins/inputs/netflow/netflow_decoder.go
Original file line number Diff line number Diff line change
Expand Up @@ -634,6 +634,34 @@ func (d *netflowDecoder) Decode(srcIP net.IP, payload []byte) ([]telegraf.Metric
case netflow.TemplateFlowSet:
case netflow.IPFIXOptionsTemplateFlowSet:
case netflow.OptionsDataFlowSet:
for _, record := range fs.Records {
tags := map[string]string{
"source": src,
"version": "IPFIX",
}
fields := make(map[string]interface{})
for _, value := range record.ScopesValues {
decodedFields, err := d.decodeValueIPFIX(value)
if err != nil {
d.Log.Errorf("decoding option record %+v failed: %v", record, err)
continue
}
for _, field := range decodedFields {
fields[field.Key] = field.Value
}
}
for _, value := range record.OptionsValues {
decodedFields, err := d.decodeValueIPFIX(value)
if err != nil {
d.Log.Errorf("decoding option record %+v failed: %v", record, err)
continue
}
for _, field := range decodedFields {
fields[field.Key] = field.Value
}
}
metrics = append(metrics, metric.New("netflow_options", tags, fields, t))
}
case netflow.DataFlowSet:
for _, record := range fs.Records {
tags := map[string]string{
Expand Down
2 changes: 2 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_example/expected.out
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ netflow,source=127.0.0.1,version=IPFIX type_29305_86="0x00000009",flow_end_ms=16
netflow,source=127.0.0.1,version=IPFIX vlan_src=0u,type_29305_85="0x00001590",src="192.168.119.100",protocol="udp",dst_port=443u,type_29305_58="0x0000",type_29305_86="0x00000015",flow_start_ms=1666345514168u,src_tos="0x00",type_6871_rev_40="0x0000",dst="142.250.186.170",in_total_packets=17u,src_port=58246u,type_6871_21="0x00000012",flow_end_ms=1666345525871u,flow_end_reason="forced end",type_29305_5="0x00",type_6871_40="0x0000",in_total_bytes=3248u 1684917213508463452
netflow,source=127.0.0.1,version=IPFIX dst="140.82.121.3",flow_start_ms=1666345521019u,type_29305_86="0x000000d4",type_6871_40="0x0000",type_29305_85="0x0003e1d9",in_total_packets=125u,protocol="tcp",flow_end_reason="forced end",in_total_bytes=16640u,type_29305_58="0x0000",flow_end_ms=1666345525880u,type_6871_21="0x00000009",type_29305_5="0x00",dst_port=443u,src_tos="0x00",type_6871_rev_40="0x0000",vlan_src=0u,src="192.168.119.100",src_port=37792u 1684917213508608204
netflow,source=127.0.0.1,version=IPFIX type_6871_40="0x0001",src="192.168.119.100",vlan_src=0u,type_6871_rev_40="0x0000",type_29305_58="0x0000",src_port=50077u,flow_end_ms=1666345527739u,type_29305_5="0x00",flow_start_ms=1666345527739u,in_total_packets=2u,src_tos="0x00",flow_end_reason="forced end",type_6871_21="0x00000000",type_29305_86="0x00000002",dst_port=53u,in_total_bytes=120u,type_29305_85="0x000000a4",protocol="udp",dst="192.168.119.17" 1684917213508754156
netflow_options,source=127.0.0.1,version=IPFIX dropped_packets_total=0u,event_time=1666725027u,exporter="192.168.119.100",exporting_pid=66602u,ignored_packet_total=22u,in_total_packets=1070u,notsent_packet_total=0u,observation_domain_id=0u,system_init_ms=1666725027000u,total_flows_exported=29u,type_6871_32868="0x00000000",type_6871_32869="0x00000000",type_6871_32870="0x00001d1f",type_6871_32871="0x00043278",type_6871_32872="0x00000004",type_6871_32873="0x0000001a" 1715165599875551764
netflow_options,source=127.0.0.1,version=IPFIX event_time=1666725027u,exporting_pid=66602u,observation_domain_id=0u,padding="0x000000000000",type_6871_33318="0x00000000",type_6871_33319="0x0000",type_6871_33322="0x00d00500000001635834a3" 1715165599878686750
126 changes: 126 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_options/expected.out

Large diffs are not rendered by default.

Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
2 changes: 2 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_options/telegraf.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[[inputs.netflow]]
service_address = "udp://127.0.0.1:0"

0 comments on commit bf0c8e8

Please sign in to comment.