New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

summary of points which need to be improved #2

Open

maplewf opened this issue Nov 16, 2021 · 0 comments

Assignees

Labels

bug

maplewf commented Nov 16, 2021 •

edited

Loading

Common issue

L4 packet size doesn't include IP header
GRE tunnel traffic is leaked to underlay interface
GRE traffic can't be detected in underlay interface
ESP(ipsec) traffic can't be decoded in underlay interface
decode failure should be recorded in debug log

NFLOG

for now, nflog engine is started per interface per direction which will waste resources. use --nflog-prefix with convention direction_interface in iptables to distinguish direction and interface with same nflog group like below:

-A FLOW_EXPORTER_IN -i eth0 -j NFLOG --nflog-prefix  in_eth0 --nflog-group 101 --nflog-range 64 --nflog-threshold 10

duration is not accurate

Libpcap

vti tunnel traffic can't be collected
openvpn tunnel traffic can't be collected

Afpkt

GRE tunnel traffic can't be collected
vti tunnel traffic can't be collected
openvpn tunnel traffic can't be collected
dmvpn tunnel traffic can't be collected

The text was updated successfully, but these errors were encountered:

fs714 self-assigned this

fs714 added the bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment