Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inputs.netflow: Source port and destination port for TCP layer are not being included in metrics when using sFlow v5 decoder #16139

Closed
joseluisgonzalezca opened this issue Nov 5, 2024 · 2 comments · Fixed by #16197
Closed

inputs.netflow: Source port and destination port for TCP layer are not being included in metrics when using sFlow v5 decoder #16139

joseluisgonzalezca opened this issue Nov 5, 2024 · 2 comments · Fixed by #16197
Assignees
@srebhan
Labels
bug unexpected problem or unintended behavior

Comments

@joseluisgonzalezca
Copy link
Contributor

joseluisgonzalezca commented Nov 5, 2024
edited
Loading

Relevant telegraf.conf

[[inputs.netflow]]
  service_address = "udp://:2055"
  protocol = "sflow v5"

[[outputs.file]]
  files = ["stdout"]
  data_format = "json"

Logs from Telegraf

{"fields":{"agent_ip":"192.168.227.2","agent_subid":0,"datalink_frame_type":"IPv4","direction":"ingress","dst":"192.168.100.221","fragment_flags":"......D.","fragment_offset":0,"in_snmp":27,"in_total_packets":3633958918,"ip_total_len":1500,"ip_version":4,"ipv4_id":34151,"ipv4_inet_header_len":5,"ipv4_total_len":1500,"l2_bytes":1518,"l2_protocol":"ETHERNET-ISO8023","out_snmp":33,"protocol":"tcp","sampling_drops":21405750,"sampling_interval":200,"seq_number":18721933,"src":"192.168.100.223","src_tos":0,"sys_uptime":2042522488,"tcp_ack_number":1885360632,"tcp_flags":"...A....","tcp_seq_number":3443873179,"tcp_urgent_ptr":0,"tcp_window_size":514,"ttl":64,"vlan_dst":100,"vlan_dst_priority":0,"vlan_src":100,"vlan_src_priority":0},"name":"netflow","tags":{"host":"40f2df22e0c0","source":"::1","version":"sFlowV5"},"timestamp":1726823867}

System info

Telegraf v1.32.0 running on Docker, Debian 12 as base OS

Docker

services:
  telegraf:
    image: telegraf:1.32.0
    container_name: telegraf
    ports:
      - 2055:2055/udp
    restart: unless-stopped
    volumes:
    - ./telegraf.conf:/etc/telegraf/telegraf.conf:ro
    - ./sflow-packet.bin:/tmp/sflow-packet.bin:ro

Steps to reproduce

Same steps as described in issue #15918 (comment)

Expected behavior

Source port and destination port must be present in Telegraf metrics for TCP packets.

Actual behavior

Fields are being decoded by goflow2 dissector but are not being properly included in Telegraf Metric struct.

Additional info

The issue is related to an already solved issue (see PR #16009). src_port and dst_port for the TCP layer have a custom type layers.TCPPort which cannot be included into Telegraf metrics. These variables should be converted to uint16 to be properly included into metrics:

image

Affected code lines:

telegraf/plugins/inputs/netflow/sflow_v5.go

Lines 414 to 415 in 115df09

fields["src_port"] = l.SrcPort
fields["dst_port"] = l.DstPort

Casting is already done for UDP layer ports and it's working as expected:

telegraf/plugins/inputs/netflow/sflow_v5.go

Lines 441 to 442 in 115df09

fields["src_port"] = uint16(l.SrcPort)
fields["dst_port"] = uint16(l.DstPort)

@joseluisgonzalezca joseluisgonzalezca added the bug unexpected problem or unintended behavior label Nov 5, 2024
@srebhan
Copy link
Member

srebhan commented Nov 7, 2024

@joseluisgonzalezca as you already identified what needs to be done, would you be willing to put up a PR?

@srebhan srebhan self-assigned this Nov 7, 2024
joseluisgonzalezca pushed a commit to joseluisgonzalezca/telegraf that referenced this issue Nov 18, 2024
fix(inputs.netflow): cast TCP ports to uint16
9c6ced7 
influxdata#16139
@joseluisgonzalezca joseluisgonzalezca mentioned this issue Nov 18, 2024
Merged
1 task
@joseluisgonzalezca
Copy link
Contributor Author

Hi Sven!

Sorry for the late reply. I've been busy these last weeks and I wasn't able to address the issue. I have just submitted the fix in this PR: #16197

Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srebhan srebhan

Labels
bug unexpected problem or unintended behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(inputs.netflow): Cast TCP ports to uint16 joseluisgonzalezca/telegraf
2 participants
@srebhan @joseluisgonzalezca