[client,management] add netflow support to client and update management (#3414)

adds NetFlow functionality to track and log network traffic information between peers, with features including: - Flow logging for TCP, UDP, and ICMP traffic - Integration with connection tracking system - Resource ID tracking in NetFlow events - DNS and exit node collection configuration - Flow API and Redis cache in management - Memory-based flow storage implementation - Kernel conntrack counters and userspace counters - TCP state machine improvements for more accurate tracking - Migration from net.IP to netip.Addr in the userspace firewall
2025-08-09 15:25:20 +02:00 · 2025-03-20 17:05:48 +01:00
parent f51e0b59bd
commit c02e236196
151 changed files with 7118 additions and 2234 deletions
--- a/flow/client/auth.go
+++ b/flow/client/auth.go
@ -0,0 +1,32 @@
+package client
+
+import (
+	"context"
+	"fmt"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+var _ credentials.PerRPCCredentials = (*authToken)(nil)
+
+type authToken struct {
+	metaMap map[string]string
+}
+
+func (t authToken) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
+	return t.metaMap, nil
+}
+
+func (authToken) RequireTransportSecurity() bool {
+	return false // Set to true if you want to require a secure connection
+}
+
+// WithAuthToken returns a DialOption which sets the receiver flow credentials and places auth state on each outbound RPC
+func withAuthToken(payload, signature string) grpc.DialOption {
+	value := fmt.Sprintf("%s.%s", signature, payload)
+	authMap := map[string]string{
+		"authorization": "Bearer " + value,
+	}
+	return grpc.WithPerRPCCredentials(authToken{metaMap: authMap})
+}