Skip to content

Commit

Permalink
feat(inputs.netflow): Add support for IPFIX option packets
Browse files Browse the repository at this point in the history
  • Loading branch information
@srebhan
srebhan committed May 8, 2024
1 parent e3f03ff commit 136bac9
Show file tree
Hide file tree
Showing 13 changed files with 158 additions and 0 deletions.
28 changes: 28 additions & 0 deletions plugins/inputs/netflow/netflow_decoder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -634,6 +634,34 @@ func (d *netflowDecoder) Decode(srcIP net.IP, payload []byte) ([]telegraf.Metric
case netflow.TemplateFlowSet:
case netflow.IPFIXOptionsTemplateFlowSet:
case netflow.OptionsDataFlowSet:
for _, record := range fs.Records {
tags := map[string]string{
"source": src,
"version": "IPFIX",
}
fields := make(map[string]interface{})
for _, value := range record.ScopesValues {
decodedFields, err := d.decodeValueIPFIX(value)
if err != nil {
d.Log.Errorf("decoding option record %+v failed: %v", record, err)
continue
}
for _, field := range decodedFields {
fields[field.Key] = field.Value
}
}
for _, value := range record.OptionsValues {
decodedFields, err := d.decodeValueIPFIX(value)
if err != nil {
d.Log.Errorf("decoding option record %+v failed: %v", record, err)
continue
}
for _, field := range decodedFields {
fields[field.Key] = field.Value
}
}
metrics = append(metrics, metric.New("netflow_options", tags, fields, t))
}
case netflow.DataFlowSet:
for _, record := range fs.Records {
tags := map[string]string{
Expand Down
2 changes: 2 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_example/expected.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ netflow,source=127.0.0.1,version=IPFIX type_29305_86="0x00000009",flow_end_ms=16
netflow,source=127.0.0.1,version=IPFIX vlan_src=0u,type_29305_85="0x00001590",src="192.168.119.100",protocol="udp",dst_port=443u,type_29305_58="0x0000",type_29305_86="0x00000015",flow_start_ms=1666345514168u,src_tos="0x00",type_6871_rev_40="0x0000",dst="142.250.186.170",in_total_packets=17u,src_port=58246u,type_6871_21="0x00000012",flow_end_ms=1666345525871u,flow_end_reason="forced end",type_29305_5="0x00",type_6871_40="0x0000",in_total_bytes=3248u 1684917213508463452
netflow,source=127.0.0.1,version=IPFIX dst="140.82.121.3",flow_start_ms=1666345521019u,type_29305_86="0x000000d4",type_6871_40="0x0000",type_29305_85="0x0003e1d9",in_total_packets=125u,protocol="tcp",flow_end_reason="forced end",in_total_bytes=16640u,type_29305_58="0x0000",flow_end_ms=1666345525880u,type_6871_21="0x00000009",type_29305_5="0x00",dst_port=443u,src_tos="0x00",type_6871_rev_40="0x0000",vlan_src=0u,src="192.168.119.100",src_port=37792u 1684917213508608204
netflow,source=127.0.0.1,version=IPFIX type_6871_40="0x0001",src="192.168.119.100",vlan_src=0u,type_6871_rev_40="0x0000",type_29305_58="0x0000",src_port=50077u,flow_end_ms=1666345527739u,type_29305_5="0x00",flow_start_ms=1666345527739u,in_total_packets=2u,src_tos="0x00",flow_end_reason="forced end",type_6871_21="0x00000000",type_29305_86="0x00000002",dst_port=53u,in_total_bytes=120u,type_29305_85="0x000000a4",protocol="udp",dst="192.168.119.17" 1684917213508754156
netflow_options,source=127.0.0.1,version=IPFIX dropped_packets_total=0u,event_time=1666725027u,exporter="192.168.119.100",exporting_pid=66602u,ignored_packet_total=22u,in_total_packets=1070u,notsent_packet_total=0u,observation_domain_id=0u,system_init_ms=1666725027000u,total_flows_exported=29u,type_6871_32868="0x00000000",type_6871_32869="0x00000000",type_6871_32870="0x00001d1f",type_6871_32871="0x00043278",type_6871_32872="0x00000004",type_6871_32873="0x0000001a" 1715165599875551764
netflow_options,source=127.0.0.1,version=IPFIX event_time=1666725027u,exporting_pid=66602u,observation_domain_id=0u,padding="0x000000000000",type_6871_33318="0x00000000",type_6871_33319="0x0000",type_6871_33322="0x00d00500000001635834a3" 1715165599878686750
126 changes: 126 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_options/expected.out
View file

Large diffs are not rendered by default.

Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-001.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-002.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-003.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-004.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-005.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-006.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-007.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-008.bin
View file
Binary file not shown.
Binary file added plugins/inputs/netflow/testcases/ipfix_options/message-009.bin
View file
Binary file not shown.
2 changes: 2 additions & 0 deletions plugins/inputs/netflow/testcases/ipfix_options/telegraf.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[[inputs.netflow]]
service_address = "udp://127.0.0.1:0"

0 comments on commit 136bac9

Please sign in to comment.