[client,management] add netflow support to client and update management (#3414)

adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall
2026-04-18 08:16:39 +00:00 · 2025-03-20 17:05:48 +01:00
parent f51e0b59bd
commit c02e236196
151 changed files with 7118 additions and 2234 deletions
--- a/management/server/settings/manager.go
+++ b/management/server/settings/manager.go
@@ -1,37 +1,98 @@
 package settings

+//go:generate go run github.com/golang/mock/mockgen -package settings -destination=manager_mock.go -source=./manager.go -build_flags=-mod=mod
+
 import (
 	"context"
+	"fmt"

+	"github.com/netbirdio/netbird/management/server/activity"
+	"github.com/netbirdio/netbird/management/server/integrations/extra_settings"
+	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/types"
+	"github.com/netbirdio/netbird/management/server/users"
 )

 type Manager interface {
+	GetExtraSettingsManager() extra_settings.Manager
 	GetSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error)
+	GetExtraSettings(ctx context.Context, accountID string) (*types.ExtraSettings, error)
+	UpdateExtraSettings(ctx context.Context, accountID, userID string, extraSettings *types.ExtraSettings) (bool, error)
 }

 type managerImpl struct {
-	store store.Store
+	store                store.Store
+	extraSettingsManager extra_settings.Manager
+	userManager          users.Manager
 }

-type managerMock struct {
-}
-
-func NewManager(store store.Store) Manager {
+func NewManager(store store.Store, userManager users.Manager, extraSettingsManager extra_settings.Manager) Manager {
 	return &managerImpl{
-		store: store,
+		store:                store,
+		extraSettingsManager: extraSettingsManager,
+		userManager:          userManager,
 	}
 }

-func (m *managerImpl) GetSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error) {
-	return m.store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+func (m *managerImpl) GetExtraSettingsManager() extra_settings.Manager {
+	return m.extraSettingsManager
 }

-func NewManagerMock() Manager {
-	return &managerMock{}
+func (m *managerImpl) GetSettings(ctx context.Context, accountID, userID string) (*types.Settings, error) {
+	if userID != activity.SystemInitiator {
+		user, err := m.userManager.GetUser(ctx, userID)
+		if err != nil {
+			return nil, fmt.Errorf("get user: %w", err)
+		}
+
+		if user.AccountID != accountID || (!user.HasAdminPower() && !user.IsServiceUser) {
+			return nil, status.Errorf(status.PermissionDenied, "the user has no permission to access account data")
+		}
+	}
+
+	extraSettings, err := m.extraSettingsManager.GetExtraSettings(ctx, accountID)
+	if err != nil {
+		return nil, fmt.Errorf("get extra settings: %w", err)
+	}
+
+	settings, err := m.store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, fmt.Errorf("get account settings: %w", err)
+	}
+
+	// Once we migrate the peer approval to settings manager this merging is obsolete
+	if settings.Extra != nil {
+		settings.Extra.FlowEnabled = extraSettings.FlowEnabled
+		settings.Extra.FlowPacketCounterEnabled = extraSettings.FlowPacketCounterEnabled
+		settings.Extra.FlowENCollectionEnabled = extraSettings.FlowENCollectionEnabled
+		settings.Extra.FlowDnsCollectionEnabled = extraSettings.FlowDnsCollectionEnabled
+	}
+
+	return settings, nil
 }

-func (m *managerMock) GetSettings(ctx context.Context, accountID string, userID string) (*types.Settings, error) {
-	return &types.Settings{}, nil
+func (m *managerImpl) GetExtraSettings(ctx context.Context, accountID string) (*types.ExtraSettings, error) {
+	extraSettings, err := m.extraSettingsManager.GetExtraSettings(ctx, accountID)
+	if err != nil {
+		return nil, fmt.Errorf("get extra settings: %w", err)
+	}
+
+	settings, err := m.store.GetAccountSettings(ctx, store.LockingStrengthShare, accountID)
+	if err != nil {
+		return nil, fmt.Errorf("get account settings: %w", err)
+	}
+
+	// Once we migrate the peer approval to settings manager this merging is obsolete
+	if settings.Extra == nil {
+		settings.Extra = &types.ExtraSettings{}
+	}
+
+	settings.Extra.FlowEnabled = extraSettings.FlowEnabled
+
+	return settings.Extra, nil
+}
+
+func (m *managerImpl) UpdateExtraSettings(ctx context.Context, accountID, userID string, extraSettings *types.ExtraSettings) (bool, error) {
+	return m.extraSettingsManager.UpdateExtraSettings(ctx, accountID, userID, extraSettings)
 }
--- a/management/server/settings/manager_mock.go
+++ b/management/server/settings/manager_mock.go
@@ -0,0 +1,96 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: ./manager.go
+
+// Package settings is a generated GoMock package.
+package settings
+
+import (
+	context "context"
+	reflect "reflect"
+
+	gomock "github.com/golang/mock/gomock"
+	extra_settings "github.com/netbirdio/netbird/management/server/integrations/extra_settings"
+	types "github.com/netbirdio/netbird/management/server/types"
+)
+
+// MockManager is a mock of Manager interface.
+type MockManager struct {
+	ctrl     *gomock.Controller
+	recorder *MockManagerMockRecorder
+}
+
+// MockManagerMockRecorder is the mock recorder for MockManager.
+type MockManagerMockRecorder struct {
+	mock *MockManager
+}
+
+// NewMockManager creates a new mock instance.
+func NewMockManager(ctrl *gomock.Controller) *MockManager {
+	mock := &MockManager{ctrl: ctrl}
+	mock.recorder = &MockManagerMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockManager) EXPECT() *MockManagerMockRecorder {
+	return m.recorder
+}
+
+// GetExtraSettings mocks base method.
+func (m *MockManager) GetExtraSettings(ctx context.Context, accountID string) (*types.ExtraSettings, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetExtraSettings", ctx, accountID)
+	ret0, _ := ret[0].(*types.ExtraSettings)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetExtraSettings indicates an expected call of GetExtraSettings.
+func (mr *MockManagerMockRecorder) GetExtraSettings(ctx, accountID interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetExtraSettings", reflect.TypeOf((*MockManager)(nil).GetExtraSettings), ctx, accountID)
+}
+
+// GetExtraSettingsManager mocks base method.
+func (m *MockManager) GetExtraSettingsManager() extra_settings.Manager {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetExtraSettingsManager")
+	ret0, _ := ret[0].(extra_settings.Manager)
+	return ret0
+}
+
+// GetExtraSettingsManager indicates an expected call of GetExtraSettingsManager.
+func (mr *MockManagerMockRecorder) GetExtraSettingsManager() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetExtraSettingsManager", reflect.TypeOf((*MockManager)(nil).GetExtraSettingsManager))
+}
+
+// GetSettings mocks base method.
+func (m *MockManager) GetSettings(ctx context.Context, accountID, userID string) (*types.Settings, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetSettings", ctx, accountID, userID)
+	ret0, _ := ret[0].(*types.Settings)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetSettings indicates an expected call of GetSettings.
+func (mr *MockManagerMockRecorder) GetSettings(ctx, accountID, userID interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetSettings", reflect.TypeOf((*MockManager)(nil).GetSettings), ctx, accountID, userID)
+}
+
+// UpdateExtraSettings mocks base method.
+func (m *MockManager) UpdateExtraSettings(ctx context.Context, accountID, userID string, extraSettings *types.ExtraSettings) (bool, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "UpdateExtraSettings", ctx, accountID, userID, extraSettings)
+	ret0, _ := ret[0].(bool)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// UpdateExtraSettings indicates an expected call of UpdateExtraSettings.
+func (mr *MockManagerMockRecorder) UpdateExtraSettings(ctx, accountID, userID, extraSettings interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateExtraSettings", reflect.TypeOf((*MockManager)(nil).UpdateExtraSettings), ctx, accountID, userID, extraSettings)
+}