From 1d1193a72c51a341907e7752326c0170111d0aa1 Mon Sep 17 00:00:00 2001
From: Mikhail Kot
Date: Thu, 5 Dec 2024 11:56:35 +0000
Subject: [PATCH] filter internal traffic

---
 neonvm-runner/cmd/main.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/neonvm-runner/cmd/main.go b/neonvm-runner/cmd/main.go
index 1ac0203e6..2a491353d 100644
--- a/neonvm-runner/cmd/main.go
+++ b/neonvm-runner/cmd/main.go
@@ -712,14 +712,23 @@ func getNetworkBytesCounter(iptables *iptables.IPTables, chain string) (uint64,
 	if err != nil {
 		return cnt, err
 	}
+
+	// We need to measure only external traffic to/from vm, so we filter internal traffic
 	for _, rawStat := range rules {
 		stat, err := iptables.ParseStat(rawStat)
 		if err != nil {
 			return cnt, err
 		}
-		if stat.Protocol == "6" { // tcp
-			cnt += stat.Bytes
+		if stat.Protocol != "6" { // count tcp only
+			continue
+		}
+		src, dest := stat.Source.IP, stat.Destination.IP
+		if src.IsUnspecified() || dest.IsUnspecified() ||
+			src.IsLoopback() || dest.IsLoopback() ||
+			src.IsPrivate() || dest.IsPrivate() {
+			continue
 		}
+		cnt += stat.Bytes
 	}
 	return cnt, nil
 }
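Review bot: The new filter in the `for _, rawStat := range rules` loop classifies each rule by the base address of its match CIDR (`stat.Source.IP`, `stat.Destination.IP`), not by the packets the rule counted, and it ignores the mask. A rule with no `-s`/`-d` is parsed as `0.0.0.0/0`, for which `IsUnspecified()` is true, so a catch-all TCP rule would be skipped and its bytes never counted; if the chain relies on such rules (its setup is outside this hunk), the counter under-reports external traffic. Separating internal from external traffic is more reliable in the rules themselves, with this loop summing only the rules installed for external traffic; at minimum record the assumption, e.g. `// assumes every counting rule has explicit -s and -d; 0.0.0.0/0 is treated as internal and skipped`. `IsPrivate()` also leaves out link-local and 100.64.0.0/10 addresses, which may matter if the cluster uses them internally. The function begins above the hunk.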