Hi Hidde, Yes, there is plenty of defragmentation code and you are right that there is no 'external visibility' into it. I'm curious what you'd have in mind to give such visibility, a bool like fragmented traffic yes/no of some sort?
Paolo On Thu, Nov 09, 2017 at 04:26:37PM +0100, Hidde van der Heide wrote: > Hi, > > While looking into pmacct to monitor our Internet edge, we are also > testing is we can detect malicious activity, primarily DDoS traffic. > With the current aggregators we can gather most of the required data > but the one thing really missing is IP fragmentation. > > I noticed there is already extensive defragmentation code so it > might not be that hard to add. I'm happy to give it a try but I > wanted to make sure that I'm not overlooking something and support > is already there. > > Regards, > - Hidde > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists