jow- / nlbwmon

Simple conntrack based traffic accounting
ISC License

Incoming traffic not classified correctly #11

Closed cbz closed 6 years ago

cbz commented 6 years ago

Currently nlbwmon fails to categorise all traffic correctly. I assumed at first that this was due to NATting, but now I'm no longer sure.

I can see in parse_proto_port you test the destination port against the values generated by the protocols file. In the case of an nlbwmon session running on an LEDE router (running NAT) an outgoing connection to (say) SSH is categorised correctly. An incoming connection that is DNATted via a forwarding rule to a session inside the internal network to SSH is categorised incorrectly as 'other'.
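To make the mis-classification concrete, the following added example (not nlbwmon's own code) contrasts two lookup rules on a masqueraded outbound SSH flow and a DNATted inbound one. The protocol table, the LAN subnet, all addresses and ports, the `struct ct_event` layout and the `is_local`/`classify_*` names are constructed for the example; the only thing taken from the report is the idea that a remote-to-local connection must be keyed on the internal host's real service port, which after DNAT lives in the reply tuple rather than in the original destination port.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the port -> protocol name table built from a
 * protocols file; entries chosen for the example only. */
struct proto_entry { uint8_t proto; uint16_t port; const char *name; };

static const struct proto_entry protocols[] = {
    {  6,  22, "SSH"   },
    {  6,  80, "HTTP"  },
    {  6, 443, "HTTPS" },
    { 17,  53, "DNS"   },
};

/* One conntrack event with both tuples: the original direction as the
 * initiator sent it, and the reply direction as seen after NAT.
 * Layout is an assumption for the example, not nlbwmon's record format. */
struct ct_event {
    uint8_t  proto;
    uint32_t orig_saddr, orig_daddr, reply_saddr, reply_daddr;
    uint16_t orig_sport, orig_dport, reply_sport, reply_dport;
};

/* Assumed LAN 192.168.1.0/24 (constructed). */
#define LAN_NET  0xC0A80100u
#define LAN_MASK 0xFFFFFF00u

static bool is_local(uint32_t addr)
{
    return (addr & LAN_MASK) == LAN_NET;
}

static const char *lookup(uint8_t proto, uint16_t port)
{
    for (size_t i = 0; i < sizeof(protocols) / sizeof(protocols[0]); i++)
        if (protocols[i].proto == proto && protocols[i].port == port)
            return protocols[i].name;
    return "other";
}

/* Naive rule: always key on the original-direction destination port. */
const char *classify_naive(const struct ct_event *e)
{
    return lookup(e->proto, e->orig_dport);
}

/* Direction-aware rule: key on the port at the local side's service end. */
const char *classify_by_direction(const struct ct_event *e)
{
    /* local -> remote: the service port is the original destination port */
    if (is_local(e->orig_saddr) && !is_local(e->orig_daddr))
        return lookup(e->proto, e->orig_dport);

    /* remote -> local: after DNAT the original tuple carries the public
     * (forwarded) port; the internal host's real service port is the
     * source port of the reply tuple */
    if (!is_local(e->orig_saddr) && is_local(e->reply_saddr))
        return lookup(e->proto, e->reply_sport);

    /* purely local or purely remote flows: nothing to attribute here */
    return "other";
}

/* Constructed sample: LAN host 192.168.1.10 -> remote 203.0.113.5:22,
 * masqueraded behind WAN address 198.51.100.2. */
const struct ct_event outbound_ssh = {
    .proto = 6,
    .orig_saddr = 0xC0A8010Au, .orig_daddr = 0xCB007105u, .orig_sport = 40000, .orig_dport = 22,
    .reply_saddr = 0xCB007105u, .reply_daddr = 0xC6336402u, .reply_sport = 22, .reply_dport = 40000,
};

/* Constructed sample: remote 203.0.113.5 -> WAN 198.51.100.2:2222,
 * DNATted by a forwarding rule to LAN host 192.168.1.10:22. */
const struct ct_event inbound_ssh_dnat = {
    .proto = 6,
    .orig_saddr = 0xCB007105u, .orig_daddr = 0xC6336402u, .orig_sport = 51000, .orig_dport = 2222,
    .reply_saddr = 0xC0A8010Au, .reply_daddr = 0xCB007105u, .reply_sport = 22, .reply_dport = 51000,
};

int main(void)
{
    printf("outbound:     naive=%s direction=%s\n",
           classify_naive(&outbound_ssh), classify_by_direction(&outbound_ssh));
    printf("inbound DNAT: naive=%s direction=%s\n",
           classify_naive(&inbound_ssh_dnat), classify_by_direction(&inbound_ssh_dnat));
    return 0;
}
```

The naive rule classifies the outbound flow correctly but reports the forwarded inbound flow as "other" because it only ever sees the public port 2222; the direction-aware rule recovers "SSH" for both by reading port 22 from the reply tuple once the flow is known to originate outside the LAN.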

jow- commented 6 years ago

Please try the patch below: https://gist.githubusercontent.com/jow-/547e8ea3176a5edf06250f846b887def/raw/3467b1ee943c6ccf1d488b58b120d1c5bc0cec4b/0001-nfnetlink-observe-reply-src-port-for-remote-local-co.patch

cbz commented 6 years ago

This patch would appear to end up classifying all traffic as other - I shall run it for a few more hours, but that's all I have at the moment.

jow- commented 6 years ago

You're right, this was caused by an accidentally swapped variable in the patch:

diff --git a/nfnetlink.c b/nfnetlink.c
index 559bab7..cd895f6 100644
--- a/nfnetlink.c
+++ b/nfnetlink.c
@@ -177,8 +177,8 @@ parse_event(void *reply, int len, bool allow_insert, bool update_mac)

                /* local -> remote */
                if (!match_subnet(r.family, &orig_saddr) && match_subnet(r.family, &orig_daddr)) {
-                       r.proto = orig_port;
-                       r.dst_port = orig_proto;
+                       r.proto = orig_proto;
+                       r.dst_port = orig_port;
                        r.in_pkts = reply_pkts;
                        r.in_bytes = reply_bytes;
                        r.out_pkts = orig_pkts;
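Review bot: The swap of `r.proto = orig_port;` / `r.dst_port = orig_proto;` to `r.proto = orig_proto;` / `r.dst_port = orig_port;` is the right fix; with a port number stored in the protocol field no entry from the protocols file could match, which explains the "everything is other" result reported above. One thing worth confirming in the same region: the comment says `/* local -> remote */` but the guard is `!match_subnet(r.family, &orig_saddr) && match_subnet(r.family, &orig_daddr)`, i.e. the original source does not match a configured subnet while the original destination does. If match_subnet returns true for local addresses, that reads as remote -> local, which would be at odds with `r.in_pkts = reply_pkts;` treating the reply direction as inbound; either the comment or the condition should be adjusted, or a short comment should state the intended meaning of match_subnet.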