goiftop icon indicating copy to clipboard operation
goiftop copied to clipboard

Published 20 hours ago verified publisher icon fs714

summary of points which need to be improved

Open maplewf opened this issue 3 years ago • 0 comments

Common issue

  1. L4 packet size doesn't include IP header
  2. GRE tunnel traffic is leaked to underlay interface
  3. GRE traffic can't be detected in underlay interface
  4. ESP(ipsec) traffic can't be decoded in underlay interface
  5. decode failure should be recorded in debug log

NFLOG

  1. for now, nflog engine is started per interface per direction which will waste resources. use --nflog-prefix with convention direction_interface in iptables to distinguish direction and interface with same nflog group like below:
-A FLOW_EXPORTER_IN -i eth0 -j NFLOG --nflog-prefix  in_eth0 --nflog-group 101 --nflog-range 64 --nflog-threshold 10
  1. duration is not accurate image

Libpcap

  1. vti tunnel traffic can't be collected
  2. openvpn tunnel traffic can't be collected

Afpkt

  1. GRE tunnel traffic can't be collected
  2. vti tunnel traffic can't be collected
  3. openvpn tunnel traffic can't be collected
  4. dmvpn tunnel traffic can't be collected

maplewf avatar Nov 16 '21 12:11 maplewf