Add IPFIX support, including OpenBSD pflow(4)#162
Conversation
Adds an `ipfix:` section to mapping.yaml so v10 packets fill the custom InBytes/InPackets/OutBytes/OutPackets fields, the same way netflowv9 already did. goflow2's NetFlowPipe already dispatches v10, so no decoder changes are needed -- the producer just had no remap for IPFIX field IDs and counters were always zero. Tested with OpenBSD pflow(4) pflowproto 10 (unidirectional, fields 1+2 only). Bidirectional exporters that also set 23/24 work too. Drops the README disclaimer about IPFIX not being supported.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #162 +/- ##
=====================================
Coverage 0.00% 0.00%
=====================================
Files 7 7
Lines 656 656
=====================================
Misses 656 656 Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
This PR closes the IPFIX support gap by extending the goflow2 field remapping configuration so that IPFIX (NetFlow v10) records populate ntopng’s byte/packet counters correctly, and updates documentation to reflect IPFIX/OpenBSD pflow(4) support.
Changes:
- Document IPFIX support (including OpenBSD
pflow(4)withpflowproto 10) and update configuration examples inREADME.md. - Add an
ipfix:decoder mapping block toformatter/mapping.yamlmirroring the existingnetflowv9:counter mappings.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| README.md | Updates docs to describe NetFlow v9 + IPFIX support and provides an OpenBSD pflow(4) configuration example. |
| formatter/mapping.yaml | Adds IPFIX counter field mappings so in/out byte/packet counters are properly populated for v10/IPFIX flows. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # IPFIX uses the same IANA Information Element IDs for these counters as NetFlow v9. | ||
| # OpenBSD pflow(4) pflowproto 10 is unidirectional and only sets fields 1 and 2; | ||
| # bidirectional exporters additionally set 23 and 24. |
Closes the gap noted in the README (& closes #60)
I have hardware (OpenBSD
pflow(4)withpflowproto 10)The change
goflow2's
NewNetFlowPipealready dispatches v5/v9/v10 by header version, so IPFIX packets have always reached the producer. The gap was thatformatter/mapping.yamlonly declared anetflowv9:section, so for v10 packets the customInBytes/InPackets/OutBytes/OutPacketsfields stayed at zero and ntopng saw flows with 0-byte counters.Fix: add an
ipfix:block inmapping.yamlmirroringnetflowv9:(IANA IEs 1, 2, 23, 24 are identical between the two protocols). No code changes, no new flags, no new deps.Tested
pflow(4)pflowproto 10(unidirectional, IEs 1+2) → ntopng shows non-zero in_bytes/in_packets