Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: get pod ips from TCP protocol in ip-ip encapsulation #234

Closed
wants to merge 1 commit into from
Closed

fix: get pod ips from TCP protocol in ip-ip encapsulation #234

wants to merge 1 commit into from

Conversation

Ishmeet
Copy link

@Ishmeet Ishmeet commented Nov 5, 2023

Added a check if this IPv4 header represents IPIP protocol encapsulation.
If so, then set srcIP and dstIP from next IPv4 header representing TCP protocol.
So we can get pod IPs instead of host IPs.

@lspgn
Copy link
Member

lspgn commented Nov 6, 2023
edited
Loading

Hi @Ishmeet,
Thank you for the contribution!
Need to double check that a truncated packet does not raise a panic

Have you tried also with custom mapping? I'm not super fond of replacing with the content of the encapsulation

@lspgn lspgn added enhancement New feature or request producer Conversion from flow to protobuf labels Nov 6, 2023
@Ishmeet
Copy link
Author

Ishmeet commented Nov 6, 2023

Hi @Ishmeet, Thank you for the contribution! Need to double check that a truncated packet does not raise a panic

Have you tried also with custom mapping? I'm not super fond of replacing with the content of the encapsulation

Hi there @lspgn,

I tried custom mappings, (the below one). It parses src/dest ips from the inner ipv4 header. But when there is no encapsulation in sflow packet, then it parses some random values. For my use case, I want to have src/dest ips from inner ipv4 if IPIP encapsulation exists otherwise if encapsulation not exist then I require ips from the outer ipv4 header.

{
  "flow_config": {
    "sflow": {
      "mapping": [
        {
          "layer": 4,
          "offset": 96,
          "length": 32,
          "destination": "CustomInteger1"
        },
        {
          "layer": 4,
          "offset": 128,
          "length": 32,
          "destination": "CustomInteger2"
        }
      ]
    }
  },
  "name_map": {
    "CustomIPv41": "IP Foo",
    "CustomIPv42": "IP Bar"
  }
}

@lspgn
Copy link
Member

lspgn commented Nov 7, 2023

Are you able to use the v2?
The following PR adds the ability to decode IPIP with custom mapping
#235
One of the change in the custom mapping is the conditional decoding where you can specify ipip for instance

For my use case, I want to have src/dest ips from inner ipv4 if IPIP encapsulation exists otherwise if encapsulation not exist then I require ips from the outer ipv4 header.

Unfortunately that would break other people's implementation.
I'll see if I can update the code.

@lspgn
Copy link
Member

lspgn commented Aug 18, 2024

@Ishmeet I made a refactor in #342.
You should be able to decode IPIP with the following YAML mapping:

formatter:
  fields:
    # inner ipip
    - inner_src_addr
    - inner_dst_addr
  key:
    - sampler_address
  protobuf:
    # inner ipip
    - name: inner_src_addr
      index: 160
      type: string
    - name: inner_dst_addr
      index: 161
      type: string
  render:
    inner_src_addr: ip
    inner_dst_addr: ip
sflow:
  mapping:
    # src/dst addresses
    - layer: "ipv4"
      encap: true
      offset: 96
      length: 32
      destination: inner_src_addr
    - layer: "ipv4"
      encap: true
      offset: 128
      length: 32
      destination: inner_dst_addr

Feel free to re-open if you have more questions or issues.

@lspgn lspgn closed this Aug 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request producer Conversion from flow to protobuf
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Ishmeet @lspgn