I would like to be able to process incoming TCP messages based on the sender IP address. Is there any way to retrieve the source IP/Port details on a TCP In node, perhaps in _session.id?
IP and port are available directly on the message object. Try msg.ip and msg.port.
It looks like there is something a bit deeper going on as some of the messages have the keys in the msg object when others don't. I believe it's tied to a HAProxy instance (with Proxy Protocol and health checks) in front of the incoming TCP packets. I don't quite understand how it would not have source information for those packets but I'm willing to move on because it does look like all of the information I need is coming through when I need it.
If the data comes via a proxy, the proxy has "interfered" with the packets and they are generally listed as coming from the proxy rather than the originating IP. This is why HTTP traffic usually has an extra header added that tells you the originating IP. That is actually added by the proxy.
The whole point of a proxy is that it intercepts the traffic and has the ability to do things to it. Like filter out components, terminate TLS connections and so on.
Yup! I'm taking a proxy into account with HAProxy's Proxy Protocol and it works well in our situation. Where I'm still a bit confused is that I am getting an incoming message, the carriage return in the first log message, that has a session attached but does not have the ip/port keys. I would have expected that every single message coming out of a TCP In node would have the ip/port.
In the end, it doesn't affect my situation but since that is what I saw at first, I (incorrectly) assumed that all of the packets wouldn't have IP information.
