Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add srv6 #306

Closed
wants to merge 41 commits into from
Closed

Add srv6 #306

wants to merge 41 commits into from

Conversation

door7302
Copy link

@door7302 door7302 commented Apr 3, 2024

Hello

This is the first version that decodes the SRV6 SRH header (if present) and Tunneled Payload aka. inner frame (DT4 and DT6 encap are supported as of now). Raw flows are exported by using the Juniper Inline Monitoring solution which is a standard solution: IPFIX 315. Sflow is also supported as this is the same decoding functions used for both sFlow and IPFIX 315.

I attached a sample output when goflow2 exports flow records as JSON :

srv6-dt4-goflow2-decoding.pdf

David

This was referenced Jul 31, 2024
Merged
Merged
lspgn
lspgn reviewed Aug 4, 2024
View reviewed changes
producer/proto/producer_sf.go
flowMessage.FragmentId = identification
flowMessage.FragmentOffset = uint32(fragOffset) >> 3
flowMessage.IpFlags = uint32(fragOffset) & 7
// limit the maximum number of loop to avoid infinit loop
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to fix typo

@lspgn
Copy link
Member

lspgn commented Aug 5, 2024

Would you be able to test the version in #342 using the following mapping file:

goflow2 -mapping=mapping_srv6.yaml

where mapping_srv6.yaml is:

formatter:
  fields:
    - type
    - time_received_ns
    - sequence_num
    - sampling_rate
    - sampler_address
    - time_flow_start_ns
    - time_flow_end_ns
    - bytes
    - packets
    - src_addr
    - src_net
    - dst_addr
    - dst_net
    - etype
    - proto
    - in_if
    - out_if
    - src_mac
    - dst_mac
    - layer_stack
    - layer_size
    # srv6 fields
    - ipv6_routing_header_seg_left
    - srhLastEntryIPv6
    - srhFlagsIPv6
    - srhTagIPv6
    - ipv6_routing_header_addresses
    # inner frame
    - innerFrame_src_addr
    - innerFrame_dst_addr
    - innerFrame_proto
    - innerFrame_src_port
    - innerFrame_dst_port
    - innerFrame_icmp_type
    - innerFrame_icmp_code
  key:
    - sampler_address
  protobuf:
    # srv6 fields
    - name: srhLastEntryIPv6
      index: 151
      type: varint
    - name: srhFlagsIPv6
      index: 152
      type: varint
    - name: srhTagIPv6
      index: 153
      type: varint
    # inner frame
    - name: innerFrame_src_addr
      index: 160
      type: string
    - name: innerFrame_dst_addr
      index: 161
      type: string
    - name: innerFrame_proto
      index: 162
      type: varint
    - name: innerFrame_src_port
      index: 163
      type: varint
    - name: innerFrame_dst_port
      index: 164
      type: varint
    # icmp
    - name: innerFrame_icmp_type
      index: 172
      type: varint
    - name: innerFrame_icmp_code
      index: 173
      type: varint
  rename:
    ipv6_routing_header_addresses: srhSegmentIPv6BasicList
    ipv6_routing_header_seg_left: srhSegmentsIPv6Left
  render:
    innerFrame_src_addr: ip
    innerFrame_dst_addr: ip
    innerFrame_proto: proto
sflow:
  mapping:
    # srv6
    - layer: "ipv6eh_routing"
      offset: 32
      length: 8
      destination: srhLastEntryIPv6
    - layer: "ipv6eh_routing"
      offset: 40
      length: 8
      destination: srhFlagsIPv6
    - layer: "ipv6eh_routing"
      offset: 48
      length: 16
      destination: srhTagIPv6
    # src/dst addresses
    - layer: "ipv6"
      encap: true
      offset: 64
      length: 128
      destination: innerFrame_src_addr
    - layer: "ipv6"
      encap: true
      offset: 192
      length: 128
      destination: innerFrame_dst_addr
    - layer: "ipv4"
      encap: true
      offset: 96
      length: 32
      destination: innerFrame_src_addr
    - layer: "ipv4"
      encap: true
      offset: 128
      length: 32
      destination: innerFrame_dst_addr
    # proto
    - layer: "ipv6"
      encap: true
      offset: 48
      length: 8
      destination: innerFrame_proto
    - layer: "ipv4"
      encap: true
      offset: 72
      length: 8
      destination: innerFrame_proto
    # ports
    - layer: "udp"
      encap: true
      offset: 0
      length: 16
      destination: innerFrame_src_port
    - layer: "udp"
      encap: true
      offset: 16
      length: 16
      destination: innerFrame_dst_port
    - layer: "tcp"
      encap: true
      offset: 0
      length: 16
      destination: innerFrame_src_port
    - layer: "tcp"
      encap: true
      offset: 16
      length: 16
      destination: innerFrame_dst_port
    # icmp
    - layer: "icmp"
      encap: true
      offset: 0
      length: 8
      destination: innerFrame_icmp_type
    - layer: "icmp"
      encap: true
      offset: 8
      length: 8
      destination: innerFrame_icmp_code

I didn't add:

  • innerFrame_ipv6_flow_label
  • innerFrame_ip_tos
  • innerFrame_ip_ttl
  • innerFrame_ip_flags
  • innerFrame_tcp_flags
  • innerFrame_fragment_id
  • innerFrame_fragment_offset

and innerFrame_payload_len can be derived from layer_size

@lspgn
Copy link
Member

lspgn commented Aug 18, 2024

#342 was merged. Will likely close this one

@lspgn
Copy link
Member

lspgn commented Nov 22, 2024

Correctly implemented

@lspgn lspgn closed this Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lspgn lspgn lspgn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@door7302 @lspgn