Hello list, I'm trying to figure out if it's possible, and if so: how, to classify packets as inbound or outbound based on the "actual" direction the packet flows and thus not relying on the source/destination ip address in the packet. In dynamically routed networks, a given (super)subnet can exist on more than one leg of a router. One could somehow tie the dynamic routing data into pmacct by updating the aggregrate_filter settings when the topology changes. This doesn't strike as a very decent or even scalable solution though. Based on my searches on the web, it seems (lib)pcap throws away any directional data before passing it on to the program using the data. Another thought that crossed my mind was the use of the source/destination mac address. But again, this doesn't scale well (even though I only monitor transport interfaces which tend to have a /29 or /28 configured (and multiple /24s routed over them)). I'm hoping there's a more elegant solution though. So if anyone has any ideas/pointers, I'm all ears (well, eyes).
Regards, Ruben Laban _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
