Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Missing @reverse suffix using split biflow mode #13

Open
RacekM opened this issue Aug 27, 2020 · 2 comments
Open

Missing @reverse suffix using split biflow mode #13

RacekM opened this issue Aug 27, 2020 · 2 comments

Comments

@RacekM
Copy link

RacekM commented Aug 27, 2020

Hi,
I am from CSIRT-MU, and I have a couple of questions about ipfixcol2.
When using a PEN biflow mode, the reverse ipfix attributes are in a format XXXXX@reverse:YYYYY@reverse but when I use a SPLIT biflow mode then the reverse attributes are in another form XXXXXX:YYYYY@reverse (missing @reverse in the first part).

We think that it is an inconsistency.

I tried to investigate how does it internally works and if I get it right then If I use PEN biflow mode then internally in code there are two separated PEN configurations for each direction, but in SPLIT mode there is only one PEN conf, so the PEN name is not different for the reverse direction.

Would it be possible to unify this behaviour across different biflow modes somehow?

Also, would it be possible to add the possibility to adjust the form of a reverse suffix(@reverse)?

@Lukas955
Copy link
Collaborator

Hi,

yes, you are right that the naming is slightly inconsistent between these two modes. It was probably necessary to internally distinguish two PEN scopes in biflow mode. Nevertheless, I will try to look whether its possible to solve it soon.

Regarding the second question, yes, it would be possible, for example, by adding additional parameter to the scope definition, which will redefine the default value @reverse. However, is it really necessary to redefine it? Why would you like to change it?

Lukas

@xdanos
Copy link

xdanos commented Aug 27, 2020

Hi, Dan from CSIRT-MU here.

One of the possible problems with @reverse is the fact that @ is a reserved symbol in some tools.

This is not a priority issue, we just wanted to ask.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants