Feature #5646
open
Task #5645: tracking: elephant flow detection
rules: allow matching on flow pkts and bytes in either direction
Added by Victor Julien almost 2 years ago.
Updated 2 months ago.
Description
Probably need some logic to express direction, e.g.
flow.pkts:toserver,>,10000;
flow.pkts:either,=,10000;
flow.bytes:both,>,1G;
Exact syntax TBD.
- Related to Feature #6164: rules: allow matching on flow pkts and bytes added
Not sure if we need the "both" support. Would that be useful? And I guess an "either" option would make sense as well?
"either" is good in my opinion.
- Related to Feature #7097: Additions to flow detection - size added
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Target version changed from TBD to 8.0.0-beta1
- Priority changed from Normal to High
Also need: elephant flow counter
- Subject changed from rules: allow matching on flow pkts and bytes to rules: allow matching on flow pkts and bytes in either direction
- Status changed from Assigned to In Review
Also available in: Atom
PDF