
FR: set source ip (host-sflow, open)

sflow commented on July 29, 2024
FR: set source ip

from host-sflow.

Comments (4)

sflow commented on July 29, 2024

An sFlow collector should never pay much attention to the IP source address of the sFlow datagrams. The collector should only look at the sFlow agent address, which is a field in the sFlow payload that is intended to be the unique identifier for the agent. This allows for the sFlow to take any available route, or be forwarded on without spoofing or tunneling.

If your question is really about avoiding untrusted paths, then I think it would work just as well to use a VRF (which you can specify in the collector{} spec in hsflowd.conf), or add an extra route to the routing table, or even add an iptables rule. An option to call bind() on the socket in the hsflowd code is certainly possible, but it seems to me like it might cause as many problems as it solves.

What do you think?

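The point in the comment above, that a collector identifies an agent by the agent address carried in the sFlow payload and not by the UDP source address, as an added example (not code from this thread or from the host-sflow code base). It parses the start of an sFlow version 5 datagram, assuming the standard v5 header layout; the struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Start of an sFlow v5 datagram; every field is a big-endian XDR word. */
struct sflow_hdr {
    int      family;          /* AF_INET or AF_INET6 */
    uint8_t  agent[16];       /* agent address from the payload */
    uint32_t sub_agent_id, sequence;
};

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 for a short, non-v5 or unknown-address-type datagram. */
int sflow_parse_hdr(const uint8_t *buf, size_t len, struct sflow_hdr *h) {
    if (len < 8 || rd32(buf) != 5) return -1;
    uint32_t type = rd32(buf + 4);                 /* 1 = IPv4, 2 = IPv6 */
    size_t alen = type == 1 ? 4 : type == 2 ? 16 : 0;
    /* address + sub_agent_id + sequence + uptime + sample count */
    if (alen == 0 || len < 8 + alen + 16) return -1;
    h->family = type == 1 ? AF_INET : AF_INET6;
    memset(h->agent, 0, sizeof h->agent);
    memcpy(h->agent, buf + 8, alen);
    h->sub_agent_id = rd32(buf + 8 + alen);
    h->sequence = rd32(buf + 12 + alen);
    return 0;
}

/* Agent identity uses the payload address only; the UDP source never enters into it. */
int sflow_same_agent(const struct sflow_hdr *a, const struct sflow_hdr *b) {
    return a->family == b->family && memcmp(a->agent, b->agent, sizeof a->agent) == 0;
}

/* Constructed sample: agent 10.0.0.1, sub-agent 0, sequence 7, uptime 1000 ms, 0 samples. */
const uint8_t SFLOW_SAMPLE[] = {
    0,0,0,5, 0,0,0,1, 10,0,0,1, 0,0,0,0, 0,0,0,7, 0,0,3,232, 0,0,0,0
};

int main(void) {
    struct sflow_hdr h; char s[64];
    if (sflow_parse_hdr(SFLOW_SAMPLE, sizeof SFLOW_SAMPLE, &h) != 0) return 1;
    inet_ntop(h.family, h.agent, s, sizeof s);
    printf("agent %s sub-agent %u seq %u\n", s, (unsigned)h.sub_agent_id, (unsigned)h.sequence);
    return 0;
}
```

A collector built this way keeps one record per agent even when datagrams from that agent arrive with different source addresses, for example after a route change.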

asy972 commented on July 29, 2024

The collector can be protected by a firewall. UDP packets may have a spoofed source IP address, but nevertheless a firewall can sometimes be used. One fixed IP is more usable in this case.

> An option to call bind() on the socket in the hsflowd code is certainly possible, but it seems to me like it might cause as many problems as it solves.

If there is an opportunity then there is a choice. What problems do you expect when using bind()?


sflow commented on July 29, 2024

Well, I'd forgotten we did this, but if you specify something like this:

collector { ip=10.1.2.3 dev=eth0 }

then I believe it will effectively bind to eth0. It's just that it happens not with bind() but with this call:
https://github.com/sflow/host-sflow/blob/master/src/Linux/hsflowd.c#L1116

So please try adding the dev=IF setting and let me know if that works the way you want it to. (You can also specify a namespace in the collector{} section if you need to).


asy972 commented on July 29, 2024

> So please try adding the dev=IF setting and let me know if that works the way you

I tried "collector { ip=x.x.x.x dev=lo2 }". The IP of lo2 is used, but packets are also sent to lo2. The point of this FR is not to be tied to the interfaces through which traffic can be sent from the host.
