Yes, there is plenty of defragmentation code and you are right that
there is no 'external visibility' into it. I'm curious what you'd have
in mind to give such visibility, a bool like fragmented traffic yes/no
of some sort?
On Thu, Nov 09, 2017 at 04:26:37PM +0100, Hidde van der Heide wrote:
> While looking into pmacct to monitor our Internet edge, we are also
> testing is we can detect malicious activity, primarily DDoS traffic.
> With the current aggregators we can gather most of the required data
> but the one thing really missing is IP fragmentation.
> I noticed there is already extensive defragmentation code so it
> might not be that hard to add. I'm happy to give it a try but I
> wanted to make sure that I'm not overlooking something and support
> is already there.
> - Hidde
> pmacct-discussion mailing list
pmacct-discussion mailing list