Comments (4)
An sFlow collector should never pay much attention to the IP source address of the sFlow datagrams. The collector should only look at the sFlow agent address, which is a field in the sFlow payload that is intended to be the unique identifier for the agent. This allows for the sFlow to take any available route, or be forwarded on without spoofing or tunneling.
If your question is really about avoiding untrusted paths, then I think it would work just as well to use a VRF (which you can specify in the collector{} spec in hsflowd.conf), or add an extra route to the routing table, or even add an iptables rule. An option to call bind() on the socket in the hsflowd code is certainly possible, but it seems to me like it might cause as many problems as it solves.
What do you think?
from host-sflow.
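The point in the comment above, as an added example (not code from host-sflow or from this thread): a collector-side sketch that keys its state on the agent address carried in the sFlow version 5 datagram header and keeps the UDP source address only as metadata. The names `parse_agent`, `AgentTable` and `build_header` are hypothetical, and the sample datagrams are constructed.

```python
import ipaddress
import struct

SFLOW_V5 = 5
ADDR_IPV4, ADDR_IPV6 = 1, 2  # sFlow v5 address-type codes


def parse_agent(datagram: bytes):
    """Return (agent_address, sub_agent_id, sequence) from an sFlow v5 header."""
    if len(datagram) < 8:
        raise ValueError("datagram too short for sFlow header")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != SFLOW_V5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {ADDR_IPV4: 4, ADDR_IPV6: 16}.get(addr_type)
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    end = 8 + addr_len
    if len(datagram) < end + 16:
        raise ValueError("truncated sFlow header")
    agent = ipaddress.ip_address(datagram[8:end])
    # Remaining header fields: sub-agent id, sequence, uptime (ms), sample count.
    sub_id, seq, _uptime, _nsamples = struct.unpack_from("!IIII", datagram, end)
    return agent, sub_id, seq


class AgentTable:
    """Per-(agent, sub-agent) state; the UDP source is recorded, never used as key."""

    def __init__(self):
        self.agents = {}

    def ingest(self, datagram: bytes, udp_source: str):
        agent, sub_id, seq = parse_agent(datagram)
        entry = self.agents.setdefault(
            (agent, sub_id), {"last_seq": None, "lost": 0, "sources": set()})
        if entry["last_seq"] is not None and seq > entry["last_seq"] + 1:
            entry["lost"] += seq - entry["last_seq"] - 1  # gap in datagram sequence
        entry["last_seq"] = seq
        entry["sources"].add(udp_source)
        return agent


def build_header(agent_ip: str, seq: int) -> bytes:
    """Constructed sample: a v5 datagram header announcing zero samples."""
    addr = ipaddress.ip_address(agent_ip)
    addr_type = ADDR_IPV4 if addr.version == 4 else ADDR_IPV6
    return (struct.pack("!II", SFLOW_V5, addr_type) + addr.packed
            + struct.pack("!IIII", 0, seq, 1000, 0))
```

Datagrams from one agent that arrive with different source addresses, for example after a route change or through a forwarder, land in the same table entry.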
The collector can be protected by a firewall. UDP packets may have a spoofed source IP address, but nevertheless a firewall can sometimes be used. One fixed IP is more usable in this case.
> An option to call bind() on the socket in the hsflowd code is certainly possible, but it seems to me like it might cause as many problems as it solves.
If there is an opportunity then there is a choice. What problems do you expect when using bind()?
from host-sflow.
Well, I'd forgotten we did this, but if you specify something like this:
collector { ip=10.1.2.3 dev=eth0 }
then I believe it will effectively bind to eth0. It's just that it happens not with bind() but with this call:
https://github.com/sflow/host-sflow/blob/master/src/Linux/hsflowd.c#L1116
So please try adding the dev=IF setting and let me know if that works the way you want it to. (You can also specify a namespace in the collector{} section if you need to).
from host-sflow.
> So please try adding the dev=IF setting and let me know if that works the way you
I tried "collector { ip=x.x.x.x dev=lo2 }". The IP of lo2 is used, but packets are also sent to lo2. The point of this FR is not to be tied to the interfaces through which traffic can be sent from the host.
from host-sflow.