[client,management] add netflow support to client and update management (#3414)

adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall
2026-04-16 07:16:38 +00:00 · 2025-03-20 17:05:48 +01:00
parent f51e0b59bd
commit c02e236196
151 changed files with 7118 additions and 2234 deletions
--- a/client/server/server_test.go
+++ b/client/server/server_test.go
@@ -6,11 +6,11 @@ import (
 	"testing"
 	"time"

+	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
 	"go.opentelemetry.io/otel"

 	"github.com/netbirdio/management-integrations/integrations"
-
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/keepalive"
@@ -129,13 +129,17 @@ func startManagement(t *testing.T, signalAddr string, counter *int) (*grpc.Serve
 	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
 	require.NoError(t, err)

-	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock())
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
+	settingsMockManager := settings.NewMockManager(ctrl)
+
+	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics, port_forwarding.NewControllerMock(), settingsMockManager)
 	if err != nil {
 		return nil, "", err
 	}

-	secretsManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
-	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, settings.NewManager(store), peersUpdateManager, secretsManager, nil, nil, nil)
+	secretsManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay, settingsMockManager)
+	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, settingsMockManager, peersUpdateManager, secretsManager, nil, nil, nil)
 	if err != nil {
 		return nil, "", err
 	}
--- a/client/server/trace.go
+++ b/client/server/trace.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net"
+	"net/netip"

 	fw "github.com/netbirdio/netbird/client/firewall/manager"
 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
@@ -41,11 +42,21 @@ func (s *Server) TracePacket(_ context.Context, req *proto.TracePacketRequest) (
 		srcIP = engine.GetWgAddr()
 	}

+	srcAddr, ok := netip.AddrFromSlice(srcIP)
+	if !ok {
+		return nil, fmt.Errorf("invalid source IP address")
+	}
+
 	dstIP := net.ParseIP(req.GetDestinationIp())
 	if req.GetDestinationIp() == "self" {
 		dstIP = engine.GetWgAddr()
 	}

+	dstAddr, ok := netip.AddrFromSlice(dstIP)
+	if !ok {
+		return nil, fmt.Errorf("invalid source IP address")
+	}
+
 	if srcIP == nil || dstIP == nil {
 		return nil, fmt.Errorf("invalid IP address")
 	}
@@ -85,8 +96,8 @@ func (s *Server) TracePacket(_ context.Context, req *proto.TracePacketRequest) (
 	}

 	builder := &uspfilter.PacketBuilder{
-		SrcIP:     srcIP,
-		DstIP:     dstIP,
+		SrcIP:     srcAddr,
+		DstIP:     dstAddr,
 		Protocol:  protocol,
 		SrcPort:   uint16(req.GetSourcePort()),
 		DstPort:   uint16(req.GetDestinationPort()),