Fix forwarder IP source/destination (#3463)

client/firewall/uspfilter/forwarder/icmp.go

@@ -117,8 +117,8 @@ func (f *Forwarder) sendICMPEvent(typ nftypes.Type, flowID uuid.UUID, id stack.T
 		Direction: nftypes.Ingress,
 		Protocol:  nftypes.ICMP,
 		// TODO: handle ipv6
-		SourceIP: netip.AddrFrom4(id.LocalAddress.As4()),
+		SourceIP: netip.AddrFrom4(id.RemoteAddress.As4()),
-		DestIP:   netip.AddrFrom4(id.RemoteAddress.As4()),
+		DestIP:   netip.AddrFrom4(id.LocalAddress.As4()),
 		ICMPType: icmpType,
 		ICMPCode: icmpCode,
 

client/firewall/uspfilter/forwarder/tcp.go

@@ -113,10 +113,10 @@ func (f *Forwarder) sendTCPEvent(typ nftypes.Type, flowID uuid.UUID, id stack.Tr
 		Direction: nftypes.Ingress,
 		Protocol:  nftypes.TCP,
 		// TODO: handle ipv6
-		SourceIP:   netip.AddrFrom4(id.LocalAddress.As4()),
+		SourceIP:   netip.AddrFrom4(id.RemoteAddress.As4()),
-		DestIP:     netip.AddrFrom4(id.RemoteAddress.As4()),
+		DestIP:     netip.AddrFrom4(id.LocalAddress.As4()),
-		SourcePort: id.LocalPort,
+		SourcePort: id.RemotePort,
-		DestPort:   id.RemotePort,
+		DestPort:   id.LocalPort,
 	}
 
 	if ep != nil {

client/firewall/uspfilter/forwarder/udp.go

@@ -89,21 +89,6 @@ func (f *udpForwarder) Stop() {
 	}
 }
 
-// sendUDPEvent stores flow events for UDP connections
-func (f *udpForwarder) sendUDPEvent(typ nftypes.Type, flowID uuid.UUID, id stack.TransportEndpointID) {
-	f.flowLogger.StoreEvent(nftypes.EventFields{
-		FlowID:    flowID,
-		Type:      typ,
-		Direction: nftypes.Ingress,
-		Protocol:  17,
-		// TODO: handle ipv6
-		SourceIP:   netip.AddrFrom4(id.LocalAddress.As4()),
-		DestIP:     netip.AddrFrom4(id.RemoteAddress.As4()),
-		SourcePort: id.LocalPort,
-		DestPort:   id.RemotePort,
-	})
-}
-
 // cleanup periodically removes idle UDP connections
 func (f *udpForwarder) cleanup() {
 	ticker := time.NewTicker(time.Minute)
@@ -140,8 +125,6 @@ func (f *udpForwarder) cleanup() {
 				f.Unlock()
 
 				f.logger.Trace("forwarder: cleaned up idle UDP connection %v", epID(idle.id))
-
-				f.sendUDPEvent(nftypes.TypeEnd, idle.conn.flowID, idle.id)
 			}
 		}
 	}
@@ -270,18 +253,18 @@ func (f *Forwarder) proxyUDP(ctx context.Context, pConn *udpPacketConn, id stack
 	}
 }
 
-// sendUDPEvent stores flow events for UDP connections, mirrors the TCP version
+// sendUDPEvent stores flow events for UDP connections
 func (f *Forwarder) sendUDPEvent(typ nftypes.Type, flowID uuid.UUID, id stack.TransportEndpointID, ep tcpip.Endpoint) {
 	fields := nftypes.EventFields{
 		FlowID:    flowID,
 		Type:      typ,
 		Direction: nftypes.Ingress,
-		Protocol:  17, // UDP protocol number
+		Protocol:  nftypes.UDP,
 		// TODO: handle ipv6
-		SourceIP:   netip.AddrFrom4(id.LocalAddress.As4()),
+		SourceIP:   netip.AddrFrom4(id.RemoteAddress.As4()),
-		DestIP:     netip.AddrFrom4(id.RemoteAddress.As4()),
+		DestIP:     netip.AddrFrom4(id.LocalAddress.As4()),
-		SourcePort: id.LocalPort,
+		SourcePort: id.RemotePort,
-		DestPort:   id.RemotePort,
+		DestPort:   id.LocalPort,
 	}
 
 	if ep != nil {