| Subject: | Filters should be cloned per src IP/port pair |
Some protocols (NetFlow v9 and IPFIX for example) need to maintain
information from previous packets in order to decode later packets. If
more than one src is sending packets to the same destination (IP/port)
there isn't enough information for a Filter to correctly decode the data.
There still only needs to be one InputFilter in new it just needs to be
be cloned for each src IP/port pair. Conceptually this is similar to
the way the TCP wheel clones filters for each connection.
In theory at least the cloned filters need to be cleaned up when they
are no longer in use. It isn't clear to me how/when best to do this,
since unlike TCP, we don't *know* for sure when a connection is done.
In practice it hasn't proved to be a problem for me to just leave them
around.