Just a suggestion: I'm working in an environment where we want to send Netflow V9 or IPFIX data from ipt-netflow to a remote server over an encrypted tunnel (WireGuard). Everything works OK in general, but because the size of netflow9_pdu is fixed, once headers are added, the size of the datagram frequently exceeds the MTU of the tunnel, and the datagram ends up being fragmented, leading to (worst case) doubling the number of packets, half of them full-sized, half tiny, and performance suffers. It seems like it could be advantageous to have an option in /proc/sys/net/netflow to tune the size of the PDU. Given the careful way you coded the check for free space in the PDU, it doesn't look too hard.
Alternatively, though not as accessible for most people, maybe the size of the version-specific PDU data[] arrays in ipt_NETFLOW.h could be controlled by a compile-time option rather than hard-coded at 1400?
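
The fragmentation described in this issue, worked through as an added example (not part of the issue and not ipt-netflow code). It assumes the PDU is an export header followed by the 1400-byte data[] array, IPv4 without options inside the tunnel, a tunnel MTU of 1420, and the header sizes defined at the top; all function and macro names are hypothetical.

```c
#include <stdio.h>

/* Assumed header sizes in bytes (not taken from the issue). */
#define IPV4_HDR  20   /* IPv4 header without options */
#define UDP_HDR    8
#define NF9_HDR   20   /* NetFlow v9 export header */
#define IPFIX_HDR 16   /* IPFIX message header */

/* Number of IPv4 packets needed to carry a UDP datagram with `udp_payload`
 * bytes over a link with the given MTU. *last receives the size of the
 * final packet including its IP header. Returns -1 if the MTU is unusable. */
static int ipv4_fragments(int udp_payload, int mtu, int *last)
{
    int l4 = UDP_HDR + udp_payload;             /* bytes after the IP header */
    int per_frag = ((mtu - IPV4_HDR) / 8) * 8;  /* non-final fragments carry a multiple of 8 */
    int n;

    if (per_frag <= 0)
        return -1;
    if (l4 <= mtu - IPV4_HDR) {                 /* fits unfragmented */
        *last = IPV4_HDR + l4;
        return 1;
    }
    n = (l4 + per_frag - 1) / per_frag;
    *last = IPV4_HDR + (l4 - (n - 1) * per_frag);
    return n;
}

/* Largest data[] size that keeps a PDU with `pdu_hdr` header bytes in one packet. */
static int max_pdu_data(int mtu, int pdu_hdr)
{
    return mtu - IPV4_HDR - UDP_HDR - pdu_hdr;
}

int main(void)
{
    int mtu = 1420;  /* assumed tunnel MTU */
    int last = 0;
    int n = ipv4_fragments(NF9_HDR + 1400, mtu, &last);

    printf("full v9 PDU: %d packet(s), last one is %d bytes\n", n, last);
    printf("largest unfragmented data[]: v9 %d, IPFIX %d\n",
           max_pdu_data(mtu, NF9_HDR), max_pdu_data(mtu, IPFIX_HDR));
    return 0;
}
```

Under these assumptions a full v9 PDU goes out as one full-sized packet plus one tiny trailing fragment, which is the pattern the issue reports.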