search

fs714 / goiftop

Iftop implementation by golang
Apache License 2.0
27 stars 12 forks source link

summary of points which need to be improved #2

Open maplewf opened 2 years ago

maplewf commented 2 years ago

Common issue

  1. L4 packet size doesn't include IP header
  2. GRE tunnel traffic is leaked to underlay interface
  3. GRE traffic can't be detected in underlay interface
  4. ESP(ipsec) traffic can't be decoded in underlay interface
  5. decode failure should be recorded in debug log

NFLOG

  1. for now, nflog engine is started per interface per direction which will waste resources. use --nflog-prefix with convention direction_interface in iptables to distinguish direction and interface with same nflog group like below:

    -A FLOW_EXPORTER_IN -i eth0 -j NFLOG --nflog-prefix  in_eth0 --nflog-group 101 --nflog-range 64 --nflog-threshold 10

  2. duration is not accurate image

Libpcap

  1. vti tunnel traffic can't be collected
  2. openvpn tunnel traffic can't be collected

Afpkt

  1. GRE tunnel traffic can't be collected
  2. vti tunnel traffic can't be collected
  3. openvpn tunnel traffic can't be collected
  4. dmvpn tunnel traffic can't be collected