Hi,

A problem with our flows and nat-to on the $ext_if is that it exports the original (private) IP address and not the new public IP after the translation. We already have the information about the private IP from the flow on the $int_if. Similar problem with rdr-to and PF_OUT.

This diff changes st->key to use PF_SK_WIRE for PF_OUT and export what you see in tcpdump.

Tested with PF_IN/PF_OUT and normal, nat-to, rdr-to connections, although there is a problem only with PF_OUT, which used PF_SK_STACK. Did not test IPv6.

regards,
Giannis

ps. I'll make an attempt to add NEL extension record types to hold NAT information in IPFIX from https://tools.ietf.org/html/draft-ietf-behave-ipfix-nat-logging-13
nfdump already supports this info, so it will be good to be able to export it.

Index: if_pflow.c =================================================================== RCS file: /cvs/src/sys/net/if_pflow.c,v retrieving revision 1.86 diff -u -p -r1.86 if_pflow.c --- if_pflow.c 9 Jan 2018 15:24:24 -0000 1.86 +++ if_pflow.c 30 Jan 2018 13:10:46 -0000 @@ -786,7 +786,7 @@ export_pflow(struct pf_state *st) struct pflow_softc *sc = NULL; struct pf_state_key *sk; - sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK]; + sk = st->key[PF_SK_WIRE]; SLIST_FOREACH(sc, &pflowif_list, sc_next) { switch (sc->sc_version) {
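
Review bot: the new assignment `sk = st->key[PF_SK_WIRE];` in export_pflow() gives no hint of why the wire-side key is chosen, so a one-line comment saying that flows are exported as they appear on the wire (translated addresses for PF_OUT states) would keep a later reader from restoring the direction test. Only PF_OUT states change behaviour, since PF_IN already used PF_SK_WIRE, and the message says IPv6 was not tested, so an IPv6 nat-to/rdr-to run is worth doing before commit. Because the private address of an outbound translated state will now appear only in the $int_if record, pflow(4) should also state that a collector has to correlate the two records to attribute a public flow to an internal host.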