[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    pflow PF_OUT use WIRE ips
From:       Kapetanakis Giannis <bilias () edu ! physics ! uoc ! gr>
Date:       2018-01-30 13:34:43
Message-ID: 2d9f9407-b86d-9c6b-efba-98f7788a7d31 () edu ! physics ! uoc ! gr
[Download RAW message or body]

Hi,

A problem with our flows and nat-to on the $ext_if is that it exports the original \
(private) IP address and not the new-public IP after the translation.

We already have the information about the private IP from the flow on the $int_if.

Similar problem with rdr-to and PF_OUT.

This diff changes st->key to use PF_SK_WIRE for PF_OUT and export what you see in \
tcpdump.

Tested with PF_IN/PF_OUT and normal, nat-to, rdr-to connections,
although there is problem only with PF_OUT which used PF_SK_STACK.

Did not test IPv6.

regards,

Giannis
ps. I'll make an attempt to add NEL extension record types to hold NAT information in \
IPFIX from https://tools.ietf.org/html/draft-ietf-behave-ipfix-nat-logging-13
nfdump already supports this info so it will be good to be able to export it.


Index: if_pflow.c
===================================================================
RCS file: /cvs/src/sys/net/if_pflow.c,v
retrieving revision 1.86
diff -u -p -r1.86 if_pflow.c
--- if_pflow.c  9 Jan 2018 15:24:24 -0000       1.86
+++ if_pflow.c  30 Jan 2018 13:10:46 -0000
@@ -786,7 +786,7 @@ export_pflow(struct pf_state *st)
        struct pflow_softc      *sc = NULL;
        struct pf_state_key     *sk;
 
-       sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK];
+       sk = st->key[PF_SK_WIRE];
 
        SLIST_FOREACH(sc, &pflowif_list, sc_next) {
                switch (sc->sc_version) {


[prev in list] [next in list] [prev in thread] [next in thread]