Sampling of traffic on a wireguard interface?

[David Ferrandez]

Hello,

I was wondering if anyone has attempted in getting hsflowd to run on a wireguard tunnel interface, e. wg0, wg1, etc.

With debug I can see that the interface is seen and sampled in takeSample() but as this isn't a ethernet interface the samples sent to the collector are malformed as the ip hdr is used as the mac addresses, etc

Any ideas?

David

[Neil McKee]

I was able to reproduce this.  It looks like we need to detect and handle DLT_RAW (raw IP) datalink types in mod_pcap.  The libpcap library has the necessary hooks so the fix should be straightforward.  Probably tomorrow or by the end of next week.

[Neil McKee]

I believe this is fixed in v2.0.37-1,  which is available for download now.

If mod_pcap opens a device that only offers the raw IP datalink type,  then those packet samples will be reported with the correct sFlow header-protocol number.