From 9490539be2fa9b45057c9346a58d76e209cff31e Mon Sep 17 00:00:00 2001
From: Ian <i3149@users.noreply.github.com>
Date: Tue, 4 Oct 2022 16:18:20 -0700
Subject: [PATCH] Fixing a bug where some egress flow is attributed to ingess
 values (#446)

---
 config.go                 |  4 ++--
 pkg/inputs/flow/format.go | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/config.go b/config.go
index 290a88a6..8475b623 100644
--- a/config.go
+++ b/config.go
@@ -8,9 +8,9 @@ import (
 
 const (
 	// FlowFields are fields for the Flow input
-	FlowFields = "Type,TimeReceived,SequenceNum,SamplingRate,SamplerAddress,TimeFlowStart,TimeFlowEnd,Bytes,Packets,SrcAddr,DstAddr,Etype,Proto,SrcPort,DstPort,InIf,OutIf,SrcMac,DstMac,SrcVlan,DstVlan,VlanId,IngressVrfID,EgressVrfID,IPTos,ForwardingStatus,IPTTL,TCPFlags,IcmpType,IcmpCode,IPv6FlowLabel,FragmentId,FragmentOffset,BiFlowDirection,SrcAS,DstAS,NextHop,NextHopAS,SrcNet,DstNet,HasMPLS,MPLSCount,MPLS1TTL,MPLS1Label,MPLS2TTL,MPLS2Label,MPLS3TTL,MPLS3Label,MPLSLastTTL,MPLSLastLabel,CustomInteger1,CustomInteger2,CustomInteger3,CustomInteger4,CustomInteger5,CustomBytes1,CustomBytes2,CustomBytes3,CustomBytes4,CustomBytes5"
+	FlowFields = "Type,TimeReceived,SequenceNum,SamplingRate,SamplerAddress,TimeFlowStart,TimeFlowEnd,Bytes,Packets,SrcAddr,DstAddr,Etype,Proto,SrcPort,DstPort,InIf,OutIf,SrcMac,DstMac,SrcVlan,DstVlan,VlanId,IngressVrfID,EgressVrfID,IPTos,ForwardingStatus,IPTTL,TCPFlags,IcmpType,IcmpCode,IPv6FlowLabel,FragmentId,FragmentOffset,FlowDirection,BiFlowDirection,SrcAS,DstAS,NextHop,NextHopAS,SrcNet,DstNet,HasMPLS,MPLSCount,MPLS1TTL,MPLS1Label,MPLS2TTL,MPLS2Label,MPLS3TTL,MPLS3Label,MPLSLastTTL,MPLSLastLabel,CustomInteger1,CustomInteger2,CustomInteger3,CustomInteger4,CustomInteger5,CustomBytes1,CustomBytes2,CustomBytes3,CustomBytes4,CustomBytes5"
 	// FlowDefaultFields are the default fields for flow
-	FlowDefaultFields = "TimeReceived,SamplingRate,Bytes,Packets,SrcAddr,DstAddr,Proto,SrcPort,DstPort,InIf,OutIf,SrcVlan,DstVlan,TCPFlags,SrcAS,DstAS,Type,SamplerAddress"
+	FlowDefaultFields = "TimeReceived,SamplingRate,Bytes,Packets,SrcAddr,DstAddr,Proto,SrcPort,DstPort,InIf,OutIf,SrcVlan,DstVlan,TCPFlags,SrcAS,DstAS,Type,SamplerAddress,FlowDirection"
 	// KentikAPITokenEnvVar is the environment variables used to get the Kentik API Token
 	KentikAPITokenEnvVar = "KENTIK_API_TOKEN"
 )
diff --git a/pkg/inputs/flow/format.go b/pkg/inputs/flow/format.go
index 3aac03fe..74605362 100644
--- a/pkg/inputs/flow/format.go
+++ b/pkg/inputs/flow/format.go
@@ -157,6 +157,12 @@ func (t *KentikDriver) toJCHF(fmsg *flowmessage.FlowMessage) *kt.JCHF {
 				// Assume seconds and multiply
 				in.Timestamp = in.Timestamp * 1000
 			}
+		case "FlowDirection":
+			if fmsg.FlowDirection == 1 {
+				in.CustomStr[field] = "egress"
+			} else {
+				in.CustomStr[field] = "ingress"
+			}
 		case "SequenceNum":
 			in.CustomBigInt[field] = int64(fmsg.SequenceNum)
 		case "SamplingRate":
@@ -170,9 +176,17 @@ func (t *KentikDriver) toJCHF(fmsg *flowmessage.FlowMessage) *kt.JCHF {
 		case "TimeFlowEnd":
 			in.CustomBigInt[field] = int64(fmsg.TimeFlowEnd)
 		case "Bytes":
-			in.InBytes = fmsg.Bytes
+			if fmsg.FlowDirection == 1 {
+				in.OutBytes = fmsg.Bytes
+			} else {
+				in.InBytes = fmsg.Bytes
+			}
 		case "Packets":
-			in.InPkts = fmsg.Packets
+			if fmsg.FlowDirection == 1 {
+				in.OutPkts = fmsg.Packets
+			} else {
+				in.InPkts = fmsg.Packets
+			}
 		case "SrcAddr":
 			in.SrcAddr = net.IP(fmsg.SrcAddr).String()
 		case "DstAddr":