Hi Mikhail,
Thanks very much also for this contribution. I have passed the patch, it
does make full sense. Also in this case i removed the part of the config
knob: interfaces, if populated, _must_ be taken into account when
comparing flows; if not populated, which is the default case, well it
will be comparing a few zeroes. Here the commit log, again, with kudos
to you:
https://github.com/pmacct/pmacct/commit/977faeee8e794e24b85beaf5b33e1c4be9f3fb6f
Paolo
On Fri, Jan 17, 2020 at 01:01:53PM +0100, Mikhail Sennikovsky wrote:
> nfprobe flow tree does not take interface index into consideration
> when searching/aggregating the flow data.
> This means that for the case multiple pcap interfaces are being
> monitored and same src/dst ip/port traffic pattern is being handled
> over several of those interfaces, this will all land in the same
> FLOW entry.
> This leads to the issues that flows being handled by one network
> interface are actually reported via NetFlow (via Flow InputInt
> and OutputInt fields)as being handled by another network interface
> (held by the FLOW entry originally created for matching the given
> src/dst ip/port traffic pattern).
>
> Introduce a new nfprobe_per_interface_flows config variable to
> allow taking flow interface indexes into consideration when
> matching/searching for the FLOW entries in the flow cache tree.
>
> Signed-off-by: Mikhail Sennikovsky
> ---
> src/cfg.c | 1 +
> src/cfg.h | 1 +
> src/cfg_handlers.c | 22 ++
> src/cfg_handlers.h | 1 +
> src/nfprobe_plugin/nfprobe_plugin.c | 8
> 5 files changed, 33 insertions(+)
>
> diff --git a/src/cfg.c b/src/cfg.c
> index ddad54c..2b102bd 100644
> --- a/src/cfg.c
> +++ b/src/cfg.c
> @@ -414,6 +414,7 @@ static const struct _dictionary_line dictionary[] = {
>{"sfprobe_ifindex", cfg_key_nfprobe_ifindex},
>{"sfprobe_ifspeed", cfg_key_sfprobe_ifspeed},
>{"sfprobe_ifindex_override", cfg_key_nfprobe_ifindex_override},
> + {"nfprobe_per_interface_flows", cfg_key_nfprobe_per_interface_flows},
>{"tee_receivers", cfg_key_tee_receivers},
>{"tee_source_ip", cfg_key_nfprobe_source_ip},
>{"tee_transparent", cfg_key_tee_transparent},
> diff --git a/src/cfg.h b/src/cfg.h
> index 631b19b..d652a59 100644
> --- a/src/cfg.h
> +++ b/src/cfg.h
> @@ -550,6 +550,7 @@ struct configuration {
>int nfprobe_ifindex_type;
>int nfprobe_dont_cache;
>int nfprobe_tstamp_usec;
> + int nfprobe_per_interface_flows;
>char *sfprobe_receiver;
>char *sfprobe_agentip;
>int sfprobe_agentsubid;
> diff --git a/src/cfg_handlers.c b/src/cfg_handlers.c
> index eac176c..3fa6ed5 100644
> --- a/src/cfg_handlers.c
> +++ b/src/cfg_handlers.c
> @@ -5859,6 +5859,28 @@ int cfg_key_nfprobe_dont_cache(char *filename, char
> *name, char *value_ptr)
>return changes;
> }
>
> +int cfg_key_nfprobe_per_interface_flows(char *filename, char *name, char
> *value_ptr)
> +{
> + struct plugins_list_entry *list = plugins_list;
> + int value, changes = 0;
> +
> + value = parse_truefalse(value_ptr);
> + if (value < 0) return ERR;
> +
> + if (!name) for (; list; list = list->next, changes++)
> list->cfg.nfprobe_per_interface_flows = value;
> + else {
> +for (; list; list = list->next) {
> + if (!strcmp(name, list->name)) {
> +list->cfg.nfprobe_per_interface_flows = value;
> +changes++;
> +break;
> + }
> +}
> + }
> +
> + return changes;
> +}
> +
> int cfg_key_sfprobe_receiver(char *filename, char *name, char *value_ptr)
> {
>struct plugins_list_entry *list = plugins_list;
> diff --git a/src/cfg_handlers.h b/src/cfg_handlers.h
> index 5ab0585..5d90a9c 100644
> --- a/src/cfg_handlers.h
> +++ b/src/cfg_handlers.h
> @@ -288,6 +288,7 @@ extern int cfg_key_nfprobe_ifindex(char *, char *, char
> *);
> extern int cfg_key_nfprobe_ifindex_override(char *, char *, char *);
> extern int cfg_key_nfprobe_tstamp_usec(char *, char *, char *);
> extern int cfg_key_nfprobe_dont_cache(char *, char *, char *);
> +extern int cfg_key_nfprobe_per_interface_flows(char *, char *, char *);
> extern int cfg_key_sfprobe_receiver(char *, char *, char *);
> extern int cfg_key_sfprobe_agentip(char *, char *, char *);
> extern int cfg_key_sfprobe_agentsubid(char *, char *, char *);
> diff --git a/src/nfprobe_plugin/nfprobe_plugin.c
> b/src/nfprobe_plugin/nfprobe_plugin.c
> index f7b0dc6..46a8166 100644
> --- a/src/nfprobe_plugin/nfprobe_plugin.c
> +++ b/src/nfprobe_plugin/nfprobe_plugin.c
> @@ -150,6 +150,14 @@ flow_compare(struct FLOW *a, struct FLOW *b)
> if (a->port[1] != b->port[1])
> return (ntohs(a->port[1]) > ntohs(b->port[1]) ? 1 : -1);
>
> + if (config.nfprobe_per_interface_flows) {
> + if (a->ifindex[0] != b->ifindex[0])
> + return (a->ifindex[0] > b->ifindex[0] ? 1 : -1);
> +
> + if (a->ifindex[1] !=
