[client,management] add netflow support to client and update management (#3414)

adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall
2026-04-18 08:16:39 +00:00 · 2025-03-20 17:05:48 +01:00
parent f51e0b59bd
commit c02e236196
151 changed files with 7118 additions and 2234 deletions
--- a/client/internal/peer/route.go
+++ b/client/internal/peer/route.go
@@ -0,0 +1,81 @@
+package peer
+
+import (
+	"net/netip"
+	"sync"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type routeIDLookup struct {
+	localMap    sync.Map
+	remoteMap   sync.Map
+	resolvedIPs sync.Map
+}
+
+func (r *routeIDLookup) AddLocalRouteID(resourceID string, route netip.Prefix) {
+	_, exists := r.localMap.LoadOrStore(route, resourceID)
+	if exists {
+		log.Tracef("resourceID %s already exists in local map", resourceID)
+	}
+}
+
+func (r *routeIDLookup) RemoveLocalRouteID(route netip.Prefix) {
+	r.localMap.Delete(route)
+}
+
+func (r *routeIDLookup) AddRemoteRouteID(resourceID string, route netip.Prefix) {
+	_, exists := r.remoteMap.LoadOrStore(route, resourceID)
+	if exists {
+		log.Tracef("resourceID %s already exists in remote map", resourceID)
+	}
+}
+
+func (r *routeIDLookup) RemoveRemoteRouteID(route netip.Prefix) {
+	r.remoteMap.Delete(route)
+}
+
+func (r *routeIDLookup) AddResolvedIP(resourceID string, route netip.Prefix) {
+	r.resolvedIPs.Store(route.Addr(), resourceID)
+}
+
+func (r *routeIDLookup) RemoveResolvedIP(route netip.Prefix) {
+	r.resolvedIPs.Delete(route.Addr())
+}
+
+// Lookup returns the resource ID for the given IP address
+// and a bool indicating if the IP is an exit node
+func (r *routeIDLookup) Lookup(ip netip.Addr) (string, bool) {
+	var isExitNode bool
+
+	resId, ok := r.resolvedIPs.Load(ip)
+	if ok {
+		return resId.(string), false
+	}
+
+	var resourceID string
+	r.localMap.Range(func(key, value interface{}) bool {
+		pref := key.(netip.Prefix)
+		if pref.Contains(ip) {
+			resourceID = value.(string)
+			isExitNode = pref.Bits() == 0
+			return false
+
+		}
+		return true
+	})
+
+	if resourceID == "" {
+		r.remoteMap.Range(func(key, value interface{}) bool {
+			pref := key.(netip.Prefix)
+			if pref.Contains(ip) {
+				resourceID = value.(string)
+				isExitNode = pref.Bits() == 0
+				return false
+			}
+			return true
+		})
+	}
+
+	return resourceID, isExitNode
+}