Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-09-21 Thread Vlad Grigorescu
Oooh, yes, thank you. I'm not sure how I missed that, but that looks nice.

On Mon, Sep 21, 2015 at 5:50 PM, Robin Sommer wrote:
> On Mon, Sep 21, 2015 at 11:20 -0500, you wrote:
>
> > I'm wondering if anyone has given any further thought to or done any work
> > on this.
>
> Yep, it's in place. :

Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-09-21 Thread Robin Sommer
On Mon, Sep 21, 2015 at 11:20 -0500, you wrote:

> I'm wondering if anyone has given any further thought to or done any work
> on this.

Yep, it's in place. :) See fb848f795de8ef22987ba01980ff65be1231b312.

> was reminded of what a mess Sessions.cc currently is. I think moving
> towards passing a

Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-09-21 Thread Vlad Grigorescu
Apologies for resurrecting an old thread. I'm wondering if anyone has given any further thought to or done any work on this. While looking at BIT-1480 (adding ERSPAN decapsulation support), I was reminded of what a mess Sessions.cc currently is. I think moving towards passing a Packet structure ar

Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-05-07 Thread Thomas, Eric D
That sounds good! Both ideas seem to add an interesting level of additional flexibility and analytic potential.

--
Eric Thomas
edth...@sandia.gov

On 4/29/15, 4:59 PM, "Robin Sommer" wrote:

>What if we did a combination of what I suggested and your thoughts
>here? We carry link-level features

Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-04-29 Thread Robin Sommer
What if we did a combination of what I suggested and your thoughts here? We carry link-level features through to script-land inside the connection record, and in addition allowed to transfer a custom subset over to the connection ID for hashing? The latter could be done later as a second step. Rob

Re: [Bro-Dev] [EXTERNAL] Re: [Bro] Logging VLAN IDs

2015-04-28 Thread Thomas, Eric D
Hi Robin, I thought more about your generalized idea and would like to follow up. To start, adding link-level features to the connection ID hash, while perhaps useful in some contexts, does not provide us the functionality we desire. I have an incoming feed of VLAN-tagged traffic (both VLAN and 80